MiniMed Distribution Corp.

Your Personal Info Could Be Exposed Online After This Hospital Breach

Breach Description

Medtronic MiniMed Data Breach

Medtronic MiniMed, Inc. and MiniMed Distribution Corp., collectively known as Medtronic Diabetes, experienced a data breach that was disclosed to the public in April 2023. The breach was a result of the company’s use of tracking and authentication technologies that inadvertently disclosed confidential consumer information to unauthorized parties.

Details of the Breach

On February 13, 2023, Medtronic Diabetes discovered that certain Google Services they employed to gather information about users transmitted their information to Google without the users’ permission. The affected services included Google Analytics for Firebase, Crashlytics for Firebase, and Firebase Authentication, which were used in the InPen App, a diabetes management application[1][3][5][7][9].

The disclosed information may have included consumers’ names, email addresses, IP addresses, phone numbers, and protected health information. However, no Social Security numbers, financial account details, or credit or debit card information were involved in this incident[1][5][7][9].

Company’s Response

Upon discovering the breach, Medtronic Diabetes initiated an internal investigation to understand the extent of the unauthorized access. They began reviewing the affected files to determine what information was compromised and which consumers were impacted[1][3].

Medtronic Diabetes has since removed Google Analytics from the latest version of the InPen App and is transitioning from Crashlytics and Firebase Authentication to new platforms. They have also taken steps to further mitigate the risk of unauthorized disclosures of user protected health information in the future[7][9].

Legal and Regulatory Implications

The breach has led to Medtronic Diabetes facing legal actions. A class action lawsuit has been filed against the company, alleging that they shared patients’ health information with third parties without consent[11]. Additionally, the incident was reported to the U.S. Department of Health and Human Services as affecting nearly 58,400 individuals[8][9].

Recommendations for Affected Individuals

Medtronic Diabetes sent out data breach notification letters to all individuals whose information was compromised. They have advised users to keep their InPen App updated to the latest version and to be vigilant for signs of fraud or identity theft[1][7][10].

Affected individuals are encouraged to contact an experienced attorney to understand their legal options and to potentially join the class action lawsuit seeking financial damages and extended credit monitoring[3][11].

Conclusion

The Medtronic MiniMed data breach serves as a reminder of the importance of data privacy and the potential risks associated with the use of tracking technologies. It also highlights the legal responsibilities companies have to protect consumer data and the potential consequences of failing to do so.

Citations:

  1. https://www.jdsupra.com/legalnews/medtronic-minimed-inc-and-minimed-4006570/
  2. https://www.mass.gov/doc/assigned-data-breach-number-20286-medtronic-additional-information/download
  3. https://www.myinjuryattorney.com/data-breach-at-medtronic/
  4. https://go.gale.com/ps/i.do?id=GALE%7CA776693950&it=r&p=HRCA&sid=sitemap&sw=w&v=2.1
  5. https://www.idstrong.com/data-breaches/minimed-distribution-group-breach/
  6. https://oag.ca.gov/privacy/databreach/list
  7. https://oag.ca.gov/system/files/Substitute%20Notice.pdf
  8. https://www.bankinfosecurity.com/insulin-app-maker-faces-privacy-lawsuit-for-web-tracker-use-a-22980
  9. https://www.hipaajournal.com/medtronic-inpen-app-disclosures-pii-google/
  10. https://www.medtronicdiabetes.com/res/img/pdfs/Individual-Email-Notice-Adults-Version.pdf
  11. https://www.classaction.org/news/inpen-data-breach-medtronic-shares-patients-health-info-with-third-parties-via-ios-android-apps-lawsuit-alleges
  12. https://www.medtechdive.com/news/fda-warning-letter-medtronic-diabetes-group/616665/
  13. https://www.lexology.com/library/detail.aspx?g=f2263b82-fcd2-4447-8d63-26617e643a09
  14. https://www.machinedesign.com/medical-design/article/21274224/alleged-insulin-pen-data-breach-sounds-alarm-on-data-protection-for-patients
  15. https://www.thelyonfirm.com/blog/medtronic-minimed-data-tracking-investigation/

Breach Submission Date: Apr 14, 2023
Converted Entity Name: MiniMed Distribution Corp.
Converted Entity Type: Healthcare Provider
State: CA
Individuals Affected: 58,374
Breach Type: Unauthorized Access/Disclosure
Breach Information Location: Network Server
Business Associate Present: Yes