Zoll Medical discloses email phishing attack and potential data breach

Zoll Medical Corp. said a cyberattack may have exposed protected health information of current and former employees, dependants and beneficiaries.

Chelmsford, Massachusetts-based Zoll — an Asahi Kasei company — characterized the incident as a “sophisticated email phishing attack” that targeted a Zoll employee.

Phishing attacks use seemingly trustworthy communications via emails, text messages or even phone calls to get the recipient to share security information such as passwords or to open a malicious hyperlink or attachment.

“This incident was limited to emails and had no impact on Zoll’s medical devices, software, or services,” the company said in a news release. “The PHI affected by the incident varied by individual and may have included some individuals’ names, addresses, Social Security numbers, and protected health information and/or health insurance information.”

Zoll said it has no indication that the information has been misused, but that it will notify affected individuals by mail and offer free credit monitoring and identity theft protection services. A dedicated call center for the incident at 800-459-4255 is open from 8 a.m. to 8 p.m. Central time on weekdays, except for major U.S. holidays.

Zoll said it is also evaluating its cybersecurity education and training measures for employees.

In January, Zoll disclosed a cyberattack that potentially exposed PHI and other personal information for more than 1 million people. At the time, the company said it would enhance its data security practices. The company now faces litigation from patients affected by that data breach.

Zoll makes advanced emergency care devices that provide defibrillation and cardiac monitoring, circulation enhancement and CPR feedback, supersaturated oxygen therapy and ventilation.

Other medical device manufacturers have been hit by cyberattacks this year, most notably Henry Schein and LivaNova. In April, the FDA launched new cybersecurity requirements for developers and manufacturers of cyber devices.