On March 16, 2020, Tandem Diabetes Care, Inc., a San Diego, CA-based manufacturer of medical devices for diabetes patients, announced a breach of confidential personal and health information after hackers accessed the email accounts of multiple employees during a phishing attack in January 2020. Tandem stated that “customer contact information, information related to the use of Tandem’s products or services, and/or clinical data regarding customer diabetes therapy” and, in some “very limited instances,” the social security numbers of customers may have been compromised.
Information provided by Tandem to the US Department of Health and Human Services indicates that the information for over 140,000 customers may have been compromised in this breach.
How do I know if my personal information was compromised?
Federal and state breach-notification laws require companies that store personal health information or other confidential information to notify every potentially affected consumer of a data breach involving that information. On March 17, Tandem sent letters to all potentially affected customers notifying them of the data breach.
How did the data breach occur?
The Tandem data breach began with a “phishing attack”: emails, texts or instant messages crafted to make the recipient open a malicious attachment, follow a link that installs malware, or type their username and password into a look-alike login page. Opening one message does not “automatically” infect the whole company network; what the attacker typically gains is a foothold on one computer or, as in this case, access to employees’ email accounts, which is what Tandem reported. From a compromised account the attacker can read whatever mail and attachments it holds, which is how customer data kept in employee mailboxes ends up exposed.
Hackers frequently disguise the message as coming from a trusted source, such as a colleague, the IT help desk or a vendor, so the recipient will act on it: the display name of a real sender is copied, the sending domain is a near-match of the real one, or a previously compromised legitimate account is used. Phishing is among the most common ways data breaches begin because it is cheap, needs no software vulnerability, and succeeds as soon as one recipient acts on the message.
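The disguise described above leaves traces in the message headers that can be checked mechanically. The following is an added example (not code from the original page or from Tandem): a small triage script that flags a message whose display name borrows a trusted brand while the address does not, whose sending domain is a homoglyph look-alike of a trusted one, whose Reply-To steers replies elsewhere, or whose links point outside the trusted domain. The trusted domain `example-health.com`, the brand words, the homoglyph table and both sample messages are constructed for the example.

```python
"""Phishing-header triage: flag messages that impersonate a trusted sender.

Added example, not code from the original page or from Tandem. The trusted
domain, brand words and sample messages below are constructed for it.
"""
from __future__ import annotations

import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist: the domains this organisation really sends mail from.
TRUSTED_DOMAINS = {"example-health.com"}
# Brand words a spoofed display name is likely to reuse (assumption).
BRAND_WORDS = {"example health", "example-health"}
# Small illustrative table of digit-for-letter swaps used in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
LINK_RE = re.compile(r"https?://([^/\s\"'>]+)", re.I)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an e-mail address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def normalise(domain: str) -> str:
    """Undo digit homoglyphs and the 'rn' -> 'm' trick before comparing."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m")


def lookalike_of(domain: str) -> str | None:
    """Return the trusted domain that `domain` imitates, or None.

    A domain is a look-alike if it is not itself trusted but, after
    normalisation, equals or closely resembles a trusted one (ratio >= 0.8).
    """
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    norm = normalise(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted or difflib.SequenceMatcher(None, norm, trusted).ratio() >= 0.8:
            return trusted
    return None


def triage(raw_message: str) -> list[str]:
    """Return findings for an RFC 822 message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    findings: list[str] = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    reply_domain = domain_of(msg.get("Reply-To", ""))

    # 1. Display name borrows a trusted brand but the address is foreign.
    if any(b in display_name.lower() for b in BRAND_WORDS) and from_domain not in TRUSTED_DOMAINS:
        findings.append(f"display-name-spoof: '{display_name}' sent from {from_domain}")

    # 2. Sending domain is a look-alike of a trusted domain.
    target = lookalike_of(from_domain)
    if target:
        findings.append(f"lookalike-domain: {from_domain} resembles {target}")

    # 3. Replies are steered to a domain other than the one displayed.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to-mismatch: From {from_domain}, Reply-To {reply_domain}")

    # 4. Links in the text body lead outside the trusted domain (credential lure).
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    for host in LINK_RE.findall(body):
        host = host.split(":")[0].lower()
        if host not in TRUSTED_DOMAINS and not host.endswith(tuple("." + d for d in TRUSTED_DOMAINS)):
            findings.append(f"untrusted-link: {host}")
    return findings


# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Example Health IT Support" <it-support@examp1e-health.com>
Reply-To: helpdesk@mail-recovery.example
To: employee@example-health.com
Subject: Action required: password expires today
Content-Type: text/plain; charset=utf-8

Your password expires in 2 hours. Sign in at
https://examp1e-health.com/login to keep access.
"""

LEGIT = """\
From: "Example Health IT Support" <it-support@example-health.com>
To: employee@example-health.com
Subject: Scheduled maintenance
Content-Type: text/plain; charset=utf-8

Mail will be unavailable Saturday 02:00-04:00. Details:
https://intranet.example-health.com/maintenance
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, triage(sample) or ["no findings"])
```

These checks look only at fields the attacker fills in; a real mail gateway combines them with SPF, DKIM and DMARC results, which authenticate the sending domain rather than merely comparing strings. The look-alike test is deliberately narrow (digit homoglyphs and `rn`/`m`), so a production filter would extend the table and add a distance threshold tuned against the organisation's own sender list.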
Why are data breaches harmful?
Healthcare-related companies, like Tandem, are frequent hacking targets because health records fetch a high price on the black market and because the industry has been slower than others to invest in cyber security. Tandem, for instance, announced it will “continue to invest in cyber security and data protection safeguards” as well as implement “additional email security controls and strengthening our user authorization and authentication process.”
Data breaches of personal health information can result in significant costs to consumers. As a result, companies like Tandem need to take cyber security seriously to prevent a data breach from happening in the first place, and not merely as a post-breach remedy.
What legal obligations did Tandem have to protect confidential information?
Several federal and state laws require companies that store personal health information and other confidential information to keep that information secure. These include the federal Health Insurance Portability and Accountability Act (“HIPAA”), the California Confidentiality of Medical Information Act (“CMIA”) and the California Consumer Privacy Act (“CCPA”). These statutes require companies to maintain reasonable cyber security procedures and to report any breach of this data, and the California statutes allow consumers to recover statutory damages for violations.
What are my legal rights?
If you received notification that your information may have been compromised in the Tandem Diabetes Care data breach and would like to discuss your legal rights, you can call us at 1-800-736-9085, email us at firstname.lastname@example.org or fill out the form below for a free consultation. Our attorneys are dedicated to helping consumers who have been the victims of a data breach.