13. Zoll Services
Number Of Records Exposed: 277,319
Data from Zoll Services emails was exposed during a server migration that occurred between Nov. 8, 2018 and Dec. 28, 2018. Information that may have been exposed during the leakage includes patient names, addresses, dates of birth, Social Security numbers, and limited medical information.
The Chelmsford, Mass.-based medical device manufacturer had its emails archived by a third-party service provider to comply with record retention and maintenance requirements, policies, and procedures. Some personal information was included in the email communications stored by the third-party service provider.
Zoll learned of the data leakage on Jan. 24, 2019, and disclosed it publicly on March 18. The company said it's taking steps to review its process for managing third party vendors, and confirmed the impacted email archiving provider has also taken actions to help protect against similar incidents in the future.