Medical device company Insulet issued a notice of a data breach that may have compromised the protected health information of 29,000 users of its recently recalled Omnipod DASH Insulin Management System.
The data breach occurred when the company requested users acknowledge they had received a notice about a recall of the Omnipod DASH Insulin Management System. The recall was due to complaints about the battery, including swelling, fluid leaking and extreme overheating that may create a fire hazard.
The company issued a voluntary device recall one month prior, in October 2022, and notified users via an Urgent Medical Device Correction email.
In December, Insulet sent a follow-up letter requesting users acknowledge they received a medical device correction letter with a link to a unique webpage that inadvertently exposed IP addresses and whether customers used the DASH system and PDM to website performance and marketing partners.
According to a copy of the letter Insulet sent to customers regarding the data breach, the company said "configuration of web pages used for receipt verification exposed some limited personal information" about customers. Financial information, email addresses, passwords and social security numbers were not disclosed.
Insulet notified the U.S. Department of Health and Human Services of the data breach on Jan. 5, according to the department's database.
Join the HealthXL Meeting on ‘Product Differentiation for Digital Health Solutions in the Cardiometabolic Disease Area’ on 7th February. Click here to Request to Join.
Click here to read the original news story.