ZOLL Medical Corporation to Blame for Data Breach Affecting More Than 1M People, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

At least two proposed class action lawsuits claim negligence on the part of ZOLL Medical Corporation resulted in a “foreseeable” data breach that compromised the personal information of over a million people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The complaints say that the company—a manufacturer of medical devices such as defibrillators, ventilators, aspirators and cardiac monitors—discovered in early February of this year that an unauthorized third party had gained access to its computer network sometime between January 28 and February 2.

The suits relay that the private data of around 1,004,443 current and former customers was compromised in the breach, in particular that belonging to consumers who were considered for use of a ZOLL LifeVest wearable cardioverter defibrillator. According to the filings, the exposed data included consumers’ names, dates of birth, home addresses, Social Security numbers and details about ZOLL products or services they received.

Per the cases, ZOLL failed to implement adequate cybersecurity measures to safeguard consumers’ sensitive information and allegedly stored the data unencrypted and unprotected in its servers.

In addition, the complaints take issue with the company’s delayed notification of victims of the cyberattack. Though ZOLL purports to have discovered the unauthorized access in early February, notices were not issued to those affected by the incident until mid-March, a month and a half later, the filings share.

The lawsuits argue that given the prevalence of data breaches in the healthcare industry, ZOLL should have understood the threat of a ransomware attack and taken commensurate steps to protect the valuable information left in its care.

As of the date the complaints were filed, the company has done “absolutely nothing” to make amends or provide relief to victims, the suits charge. Though the defendant has offered impacted individuals two years of fraud and identity monitoring services, the cases contend that the gesture does not begin to compensate for the lifelong risk of identity theft, data intrusion, phishing schemes and other illegal activity victims now face.

One plaintiff, a North Carolina resident who used a ZOLL LifeVest product last year, received notice on March 10 that her personal information had been compromised in the breach, one complaint says. On March 13, the woman received a letter from Chase Bank notifying her of a failed attempt to open an account in her name, a request that purportedly did not come from the plaintiff, the filing explains.

The other plaintiff, a Tennessee resident who bought a ZOLL product in 2017, also received notice from the company that his private data had been compromised in the cyberattack, the suit relays.

The lawsuits look to represent anyone identified by ZOLL as among those impacted by the data breach, including all who were sent a notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.