Medical device company ZOLL has announced a data breach of patient information involving a third-party provider, stating:
On January 24, 2019, ZOLL learned of a data security incident that impacted the personal and medical information of some patients. As a precaution, ZOLL is providing this notice to make potentially affected patients aware of the incident and provide information on actions ZOLL has taken in response, resources available to impacted patients, and steps they can take to protect themselves. ZOLL’s email is archived by a third-party service provider to comply with record retention and maintenance requirements, policies, and procedures. Some personal information was included in the email communications stored by the third-party service provider.
Matan Or-El, CEO at Panorays:
“This latest data breach illustrates the importance of monitoring the cybersecurity posture of third parties that do business with healthcare providers. These providers hold some of our most sensitive and confidential data: personal and demographic information, financial statements, health details and insurance policies. Attackers can use this information for identity theft, insurance fraud, financial gain, or even blackmail.
Often the best way for hackers to reach this information is through third parties, who have access to healthcare organizations’ data but lack adequate security to guard it.
For this reason, assessing and continuously monitoring healthcare organizations’ third-party security is critical.”