Insulet Corporation

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In January 2023, Insulet Corporation, a Massachusetts-based medical device company, experienced a data breach impacting approximately 29,000 users of its Omnipod DASH Insulin Management System. This incident was linked to a Class I recall of the Omnipod DASH system by the FDA due to issues with the device’s battery, which posed risks such as swelling, fluid leakage, and extreme overheating that could potentially create a fire hazard.

The breach occurred when Insulet sent a follow-up letter to users in December, requesting acknowledgment of receipt of a Medical Device Correction (MDC) letter. This letter contained a link to a unique webpage that inadvertently exposed users’ IP addresses and information regarding their use of the DASH system and Personal Diabetes Manager (PDM) to website performance and marketing partners. The exposed data did not include financial information, email addresses, passwords, or social security numbers. However, IP addresses, which can be linked to a user’s location or network, were considered personal identifiers and were exposed

Insulet discovered the privacy incident on December 6, 2022, and immediately disabled all tracking codes on the relevant acknowledgment web page to prevent further exposure of Protected Health Information (PHI).

Breach Submission Date Jan 05, 2023
Converted Entity Name Insulet Corporation
Converted Entity Type Healthcare Provider
State MA
Individuals Affected 29,000
Breach Type Unauthorized Access/Disclosure

Breach Information Location Network Server

Business Associate Present Yes