Posted On January 25, 2022 Consumer Privacy & Data Breaches
January 25, 2022 – Recently, Electromed, Inc. announced that the company experienced a data-security event impacting the personal and health information of more than 47,000 individuals, including customers and employees. In June 2020, Electromed, Inc. learned that an unauthorized third party gained access to and may have removed several files from the company’s information technology servers. These files contained sensitive consumer health information, including the first and last name, full mailing address, medical information and health insurance information of customers and the Social Security numbers, driver’s license numbers, and financial account information of affected employees.
A data breach occurs when a hacker or other criminal surreptitiously gains access to sensitive consumer information stored on a company’s servers. Often, these hackers target organizations that employ outdated or otherwise inadequate data security measures. Hackers may personally use the information they obtain through a cyberattack to commit identity theft. However, it is also common for a hacker to sell the data on the black market. While victims of a data breach may not immediately notice suspicious activity on their accounts, it is imperative affected parties take the necessary precautions to protect themselves from identity theft and other potentially significant financial losses.
Anyone in receipt of an Electromed data breach letter has reason to be concerned. Since the beginning of the COVID-19 pandemic, the instances of identity theft have dramatically increased. In many of these cases, the information needed to commit identity theft was obtained through a data breach such as this one.
If you recently received a data breach letter from Electromed, Inc., you should remain vigilant in monitoring your personal, financial and healthcare-related accounts. Additionally, if evidence emerges that Electromed, Inc. mishandled your data leading up to the data breach, you may be eligible for financial compensation through a data breach lawsuit.
When you trusted Electromed with your personal information, you hoped that the organization would take your privacy seriously. Certainly, you assumed that Electromed would take whatever steps were necessary to prevent your information from ending up in the hands of a criminal. However, the Electromed data breach raises serious questions about the data security measures in place at the time of the breach.
Organizations like Electromed, Inc. have an ethical and legal duty to protect consumers’ personal, identifying, financial and health information. While developing a comprehensive and up-to-date system to protect consumer information is certainly an additional expense, this is merely a cost of doing business in an environment where cyberattacks are common. If a company fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. Of course, data breach laws are complex, and there is not yet any evidence that Electromed, Inc. was negligent in how it handled consumer data. However, our data breach law firm is actively investigating the breach to determine what legal remedies, if any, affected parties have against Electromed, Inc.
If you have questions about your ability to bring a class action lawsuit against Electromed, Inc., it is important that you reach out to a data breach attorney as soon as possible.
If you recently received a data breach notification from Electromed, Inc. in the mail, it means that an unauthorized person may have accessed, viewed, and retained your sensitive personal information. While there is no telling why someone sought out your information and what they intend to do with it, given the risks involved, it is important you give the situation the attention it requires.
Below are a few ways to protect yourself from identity theft and the other possible financial risks data breaches present:
Electromed, Inc. is a medical device manufacturing company that was founded in 1992 in New Prague, Minnesota. The company develops, manufactures, and markets airway clearance devices designed to help patients suffering from compromised lung function. The company’s flagship product is the SmartVest Airway Clearance System, which “delivers rapidly repeating pulses of air that gently squeeze and release the upper body, causing mucus to loosen, thin, and propel towards major airways, where it’s easier to cough out.” Electromed, Inc. is a publicly-traded corporation on the New York Stock Exchange, under the ticker “ELMD.” In 2020, the company generated over $10 million in revenue, earning a net income of roughly $439,000.
According to the most recent data breach letter released by Electromed, Inc., the company first noticed suspicious activity on some of its servers on June 16, 2021. In response, Electromed worked with a cyber-security firm to look into the breach. The investigation revealed that the unauthorized party accessed certain company files containing sensitive customer and employee information. Ultimately, the investigation revealed that the sensitive information of approximately 47,000 individuals was compromised. As it pertains to customers, the compromised data includes:
For affected employees, the data breach compromised the following data:
Electromed, Inc. explains that there is no sign that the unauthorized third party used or intends to use the data obtained through the cyberattack. However, an investigation is ongoing. Subsequently, the company sent data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the initial data breach letter issued by Electromed, Inc. (the online consumer notice can be found here):
Dear [Consumer],
Electromed is notifying individuals whose information may have been involved in a data security incident that occurred in June 2021.
On June 16, 2021, we determined that an unauthorized third party gained access to a limited number of our files. Upon discovery, we immediately initiated an investigation and hired third-party cybersecurity experts to assist in investigating the source and scope of the unauthorized activity, and to further secure our systems. Law enforcement was also notified.
From the investigation, we determined that the unauthorized third party accessed certain files containing certain information of customers, employees, and some third-party contractors. Those files included customers’ protected health information, such as: first and last name, full mailing address, medical information and health insurance information. For associates, Social Security numbers, driver’s license numbers, and financial account information may have been accessed.
Electromed is beginning to mail notification letters to involved individuals to provide them with information about this incident and guidance on how they can help protect their information. To date, we have no indication that any of this information has been used inappropriately, and we have not received any reports of identity theft associated with this incident. However, we are offering complimentary credit monitoring and identity theft protection services to involved individuals. We also recommend that involved individuals review any statements they receive from their healthcare providers and health insurer. If customers see charges for services they did not receive, they should contact the provider or insurer immediately.
