Posted On January 21, 2023 Consumer Privacy & Data Breaches
January 21, 2023 – After discovering that confidential consumer information had been accessed by an unauthorized party, Insulet Corporation filed a data breach notice with the California Attorney General on January 5, 2023. According to the filing, consumers’ protected health information had been accessed. Once confirmed that there was a consumer data leak, Insulet sent out notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Insulet data breach. If you have received a breach notification and are interested in learning about what you can do to protect yourself and if you can receive financial confirmation from Insulet, we are offering free consultations where we can discuss your legal options. If you recently received a NOTICE OF DATA BREACH from COMPANY, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Insulet Corporation is a manufacturer of medical devices, including the Omnipod delivery system, which the company boasts is the only insulin delivery system that is tubeless and automated and able to service those with type 1 diabetes ages 2 and older. Based in Acton, Massachusetts, Insulet generates about $1.1 billion in revenue annually and employs over 2,300 people.
According to its filing with the California Attorney General’s office, Insulet sent out emails to consumers on December 1, 2022. Within the email was a link that directed consumers to another webpage on omnipod.com. Consumers’ protected health information was embedded in the URL of the webpage, and omnipod.com used cookies and other methods of tracking to collect that information and distribute it to “performance and marketing partners.”
On January 5, 2022, Insulet Corporation sent out letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from Insulet Corporation, it means your personal information, including protected health information, was leaked to an unauthorized party. But what can someone even do with your protected health information?
According to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), only certain information is considered protected. Some of the information that is considered protected includes names, relevant dates such as dates of birth, medical record numbers, account numbers, addresses, Social Security numbers, and many more, adding up to 18 different identifiers.
With the information listed, there are any number of things that hackers can do with the information or even sell it on the dark web for others to make use of. One such thing is receiving patient care using your information, called medical identity theft. That can leave you with medical bills that aren’t yours or even mess with information in your medical records, such as diagnosis and medication information.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Insulet Corporation data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent out to affected individuals:
Dear [Redacted],
We are contacting you because Insulet Corporation (“Insulet”) recently experienced a data privacy incident that may affect some of your protected health information (“PHI”). Please review this notice carefully to learn about the incident and how it may affect a portion of your PHI.
What Happened?
Recently, Insulet sent a Medical Device Correction (“MDC”) letter to Omnipod DASH@ customers, including you. There was a follow-up receipt acknowledgment request sent by email. We believe that the configuration of web pages used for receipt verification exposed some limited personal information about you to certain Insulet website performance and marketing partners. No financial information, social security numbers, email addresses, or passwords were exposed. While no financial information was exposed in this incident, please see the consumer notice (download PDF) provided to you per state and federal law.
We sent out MDC acknowledgment request emails to certain customers, including you, on or about December 1, 2022. The e-mail included a clickable link to a unique verification page on the omnipod.com website. The URL (web page address) for each customer’s unique page included: customer IP address (an internet protocol code number that may identify the location from which the webpage was accessed), whether customer is an Omnipod DASH user and whether customer has a Personal Diabetes Manager (“PDM”). These URLs were shared with website performance and marketing partners of Insulet through website “cookies” and/or other trackers embedded in the omnipod.com website code on the MDC acknowledgment web page.
We have completed an extensive review and investigation through which we identified you as a potentially affected individual.
What Information Was Involved?
Insulet believes that IP address, customer use of the Omnipod DASH product, and customer use of a PDM were exposed to website performance and marketing partners of Insulet.
What We are Doing
Insulet takes this event very seriously. After discovering the privacy incident on December 6, 2022, we disabled all tracking codes on the MDC acknowledgment web page that same day so that no further exposure of PHI as described in this letter could occur. Where possible, we are also requesting that our partners delete logs of the IP addresses and unique URLs so that they would not continue to have access to that information.
For More Information
If you have any further questions or concerns about this incident, feel free to contact us at our toll-free number 1-800-641-2049 or by email at privacy@insulet.com We thank you for your continued support.
