Medical device and software maker Zoll Medical says the personal and health information of more than a million people, including patients and employees, may have been stolen by crooks in January.
In documents submitted to officials in US states, and letters sent out to those people affected, Zoll said that on January 28 the biz detected “unusual activity” on its internal network and confirmed an intrusion on February 2.
The data that could have been pored over or exfiltrated includes the names, addresses, birth dates, and Social Security numbers of current and former employees and patients, they wrote in a March 10 letter which is included in the state filings. In addition, miscreants seeing this information may be able to infer that some of those people either used or considered using a Zoll product, the LifeVest wearable cardioverter defibrillator.
Officials with Zoll, a company owned by Japanese multinational chemical company Asahi Kasei and based in Chelmsford, Massachusetts, said in the letter that there was no indication that the exposed information has been misused.
“We consulted with third-party cybersecurity experts to assist with our response to and remediation of the incident, and we notified law enforcement and federal and state regulatory agencies as required by law,” they wrote.
It was unclear what kind of attack led to the data breach, whether the information was exfiltrated or a ransom demanded, or how the cybercriminals were able to get into the company’s internal network. While data loss incident reporting is required