Third Party Vendor Responsible for Release of Zoll’s Patients Information
Who: ZOLL Medical Corporation
When: Reported 18 March 2019
# of records involved: 277,319
What happened: ZOLL discovered that some email archived by an unnamed third-party service provider been exposed during a server migration.
How did it happen: Third-party service provider providing e-mail archival services was migrating servers and exposed PII of Zoll’s customers in the process.
Outcome: ZOLL is not aware of any fraud or identity theft to any individual as a result of this exposure. The vendor has since confirmed that all information has now been secured. ZOLL takes the privacy and security of patient information very seriously. Upon learning of the incident, ZOLL immediately initiated an internal review and retained a leading independent forensics firm to conduct a thorough investigation of the incident. Law enforcement and federal and state agencies have been notified to give them the opportunity to further investigate. Further, ZOLL is taking steps to review its process for managing third-party vendors and confirmed that the impacted vendor has also taken actions to help prevent similar incidents in the future.