Zoll Data Breach Lawsuit: Sensitive Data of 1 Million Class Members Exposed

  • Home
  • news
  • Zoll Data Breach Lawsuit: Sensitive Data of 1 Million Class Members Exposed
April 3, 2023

by Brian Eckert

Zoll Medical Corporation recently suffered a data breach that exposed the personal information of more than one million individuals, leading to a class action lawsuit from Milberg. The Zoll data breach lawsuit claims the company did not adequately protect employee and patient personal data and failed to provide proper notice of the breach. This is Zoll’s second major data breach in four years.

If you are affected by the Zoll data breach, you may be automatically eligible to join this lawsuit. You do not have to hire an attorney or pay out-of-pocket legal fees. Milberg is representing all plaintiffs on a contingency basis.

January Cyberattack Leads to Compromised Information

Zoll Medical makes “medical devices and software solutions that help advance emergency care,” according to the company’s website. Its products include cardiac monitoring, oxygen therapy, resuscitation, and ventilation products and associated software solutions.

As part of doing business, Zoll collects the personal information of its customers and employees. It stores this information on files in its computer network.

Despite Zoll’s previous data security failures, [it] suffered a second, larger data breach in 2023.

In March, Zoll announced that it suffered a data breach when an unauthorized third party gained access to its internal network. The breach, which was detected on January 28th and lasted into the following day, exposed Zoll employee and patient data to cybercriminals. Names, addresses, dates of birth, and Social Security numbers are among the impacted information.

“It may also be inferred that you used or were considered for use of a Zoll product,” the company added.

Zoll told Fierce Medtech in a statement that the “cybersecurity incident” affected current and former users of the LifeVest device, a wearable cardioverter defibrillator, but “does not affect the safety or operation of the LifeVest device or any other Zoll medical device.”

According to a data breach notice filed with the Maine Attorney General, a total of 1,004,443 individuals are affected by the breach, the second in four years at Zoll.

In March 2019, Zoll reported a data breach that occurred during a routine server migration and compromised the medical and personal data of 277,319 patients. It remains unclear what type of cyberattack Zoll fell victim to in the latest breach.

Milberg Lawsuit Cites “Reckless Disregard” of Data Security

“Despite Zoll’s previous data security failures, [it] suffered a second, larger data breach in 2023,” states Milberg’s Zoll data breach lawsuit. These repeated breaches allegedly demonstrate a “reckless disregard for the safety of its employees’ and patients’ sensitive information.”

A complaint filed in Massachusetts District Court accuses Zoll of failing to failing to encrypt class members’ information, take adequate measures to train employees, detect breaches, protect sensitive data, and provide timely or adequate notice of the breach.

Zoll was at all times fully aware of its obligations to protect the PII of employees and patients because of its position as employer and healthcare provider, which gives it direct access to reams of PII. Defendant was also aware of the significant repercussion that would result from its failure to do so.

The lawsuit notes that, not only has Zoll suffered two major data breaches in four years, but data breaches against all companies—and healthcare companies in particular—are on the rise. In 2021, the number of data breaches reached the highest total ever, increasing 68% year over year. Healthcare data breaches also hit an all-time high in 2021. While 2022 breaches remained relatively flat, the number of people affected by them was up about 40%, reports CNET.

Lead Plaintiff and Proposed Class

Zoll knew or should have known about the risk of a cyberattack on its systems and was aware of its obligations to protect consumer PII, but nonetheless did not implement basic data security practices, states Milberg’s lawsuit. As a result, Zoll customers and employees are at risk of fraud and identity theft for years to come now that their PII has been exposed in the data breach.

The lead plaintiff says he has had to spend valuable time monitoring his accounts in an effort to prevent misuse of his PII. He also claims emotional distress from the breach. The plaintiff, citing negligence, seeks to represent a class of the following persons:

  • All individuals in the United States whose PII was comprised in the Zoll Medical Data Breach announced on or about March 10, 2023.

If certified as a class action, the Zoll data breach lawsuit could result in monetary damages, identity theft protective services, and other benefits for class members.

Milberg’s Class Action and Data Breach Practices

Milberg class action attorneys have filed hundreds of data breach lawsuits and won millions of dollars for data breach victims. Our data breach and privacy lawyers work at the cutting edge of technology and law, helping to create meaningful checks and balances against technology and the companies that wield it.

To read about some of our other data breach cases, visit our news page and follow us on Facebook and Twitter.