IoT Heart Devices Threat to Personal Health Information (PHI) for at least 1 Million Patients!

HealthCareInfoSecurity.com reported that “Emergency medical device provider Zoll Medical is notifying more than 1 million individuals - including employees, patients and former patients - of a hacking incident that compromised their personal information.”  The March 13, 2023 article entitled “Heart Device Maker Says Hack Affected 1 Million Patients” (https://tinyurl.com/3yvy7muv) included these comments:  

The company told Information Security Media Group that the cybersecurity incident affects current and former users of the company's LifeVest device - a wearable cardioverter defibrillator worn by patients at high risk of sudden cardiac death. The incident does not affect the operation or safety of the product or any other Zoll medical device or related software, a company spokesperson said.

Massachusetts-based Zoll, a subsidiary of Japanese technology firm Asahi Kasei Group, reported the incident on Friday as affecting more than 1 million individuals.

The incident illustrates how deeply networked connectivity has penetrated the medical device market, a development that has created new opportunities for hackers to steal personal information in an industry historically unaccustomed to fending off threat actors.

Information potentially disclosed in the cybersecurity incident includes individuals' names, addresses, birthdates and Social Security numbers. "It may also be inferred that you used or were considered for use of a Zoll product," the company says in a sample breach notification letter.

Unfortunately I’m sure no one is surprised!