MiniMed Distribution Corp.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Medtronic MiniMed Data Breach
Medtronic MiniMed, Inc. and MiniMed Distribution Corp., collectively known as Medtronic Diabetes, experienced a data breach that was disclosed to the public in April 2023. The breach was a result of the company’s use of tracking and authentication technologies that inadvertently disclosed confidential consumer information to unauthorized parties.
Details of the Breach
On February 13, 2023, Medtronic Diabetes discovered that certain Google Services they employed to gather information about users transmitted their information to Google without the users’ permission. The affected services included Google Analytics for Firebase, Crashlytics for Firebase, and Firebase Authentication, which were used in the InPen App, a diabetes management application[1][3][5][7][9].
The disclosed information may have included consumers’ names, email addresses, IP addresses, phone numbers, and protected health information. However, no social security numbers, financial account details, credit card, or debit card information were involved in this incident[1][5][7][9].
Company’s Response
Upon discovering the breach, Medtronic Diabetes initiated an internal investigation to understand the extent of the unauthorized access. They began reviewing the affected files to determine what information was compromised and which consumers were impacted[1][3].
Medtronic Diabetes has since removed Google Analytics from the latest version of the InPen App and is transitioning from Crashlytics and Firebase Authentication to new platforms. They have also taken steps to further mitigate the risk of unauthorized disclosures of user protected health information in the future[7][9].
Legal and Regulatory Implications
The breach has led to Medtronic Diabetes facing legal actions. A class action lawsuit has been filed against the company, alleging that they shared patients’ health information with third parties without consent[11]. Additionally, the incident was reported to the U.S. Department of Health and Human Services as affecting nearly 58,400 individuals[8][9].
Recommendations for Affected Individuals
Medtronic Diabetes sent out data breach notification letters to all individuals whose information was compromised. They have advised users to keep their InPen App updated to the latest version and to be vigilant for signs of fraud or identity theft[1][7][10].
Affected individuals are encouraged to contact an experienced attorney to understand their legal options and to potentially join the class action lawsuit seeking financial damages and extended credit monitoring[3][11].
Conclusion
The Medtronic MiniMed data breach serves as a reminder of the importance of data privacy and the potential risks associated with the use of tracking technologies. It also highlights the legal responsibilities companies have to protect consumer data and the potential consequences of failing to do so.
Citations:
- https://www.jdsupra.com/legalnews/medtronic-minimed-inc-and-minimed-4006570/
- https://www.mass.gov/doc/assigned-data-breach-number-20286-medtronic-additional-information/download
- https://www.myinjuryattorney.com/data-breach-at-medtronic/
- https://go.gale.com/ps/i.do?id=GALE%7CA776693950&it=r&p=HRCA&sid=sitemap&sw=w&v=2.1
- https://www.idstrong.com/data-breaches/minimed-distribution-group-breach/
- https://oag.ca.gov/privacy/databreach/list
- https://oag.ca.gov/system/files/Substitute%20Notice.pdf
- https://www.bankinfosecurity.com/insulin-app-maker-faces-privacy-lawsuit-for-web-tracker-use-a-22980
- https://www.hipaajournal.com/medtronic-inpen-app-disclosures-pii-google/
- https://www.medtronicdiabetes.com/res/img/pdfs/Individual-Email-Notice-Adults-Version.pdf
- https://www.classaction.org/news/inpen-data-breach-medtronic-shares-patients-health-info-with-third-parties-via-ios-android-apps-lawsuit-alleges
- https://www.medtechdive.com/news/fda-warning-letter-medtronic-diabetes-group/616665/
- https://www.lexology.com/library/detail.aspx?g=f2263b82-fcd2-4447-8d63-26617e643a09
- https://www.machinedesign.com/medical-design/article/21274224/alleged-insulin-pen-data-breach-sounds-alarm-on-data-protection-for-patients
- https://www.thelyonfirm.com/blog/medtronic-minimed-data-tracking-investigation/