Omnipod Insulin Creators Face Data Leak
Table of Contents
- By Steven
- Jan 19, 2023
Every company that has to do with medical information or practices, from insurance to pharmaceuticals, will never stop being a target for hackers. The only way to stop this – and this would only be partly – is to make all medical information public. Obviously, many people find the idea of everyone knowing everything about them very disconcerting. But the most unfortunate part of all of this is that this breach was not a hack.
How Did the Leak Occur?
The leak occurred when an Insulet employee attempted to send emails containing customer PHI (personal health information) to customers as a receipt and managed to share some of those emails with certain partners of Insulet's. This kind of data breach has been happening more often, as "to err is human." Human error will not be able to be removed from the workplace until robots take over; seeing as we are still in the days of human-made stuff, we shouldn't worry about that quite yet. However, employers should be taking steps to minimize these mistakes.
What Information Was Leaked?
The emails contained:
- IP addresses.
- Customer use of a PDM (personal diabetes manager).
- Customer use of the Omnipod DASH product.
This information was shared with marketing and website optimization partners. This means that the emails were most likely not sent en masse and were likely only sent to one person within the partnering marketing company.
How Did Insulet Admit to the Leak?
Insulet alerted customers by sending them letters, which also must be reported to and can be found on the California Attorney General's Office's website. It was a very informative letter and (thankfully) was very simply worded. A lot of breach notifications like to use big words to confuse customers, so they either think, "it can't possibly be as bad as it is," or "there's nothing to worry about because so and so said (in very uncertain terms) that they had handled it." Insulet stated plainly the steps it had taken and what could be done about the data leak.
What Will Become of the Stolen Information?
"Where possible, we are also requesting that our partners delete logs of the IP addresses and unique URLs so that they would not continue to have access to that information," reads the notice sent to the California Attorney General's Office. Of course, it's hard to believe that the party will truly delete the information in today's day and age, but we can hope and take precautions to protect ourselves, just in case we are wrong.
What Should Affected Parties Do in the Aftermath of the Leak?
After this email leak, there are steps you can take to protect yourself in case the information is leaked. For starters, identity theft monitoring never really hurts, and it can also tell you if your information was accessed before now, though it may not be able to tell you exactly when. Then, credit monitoring will be smart. Even though the marketing partner accessed no financial information or social security numbers in this leak, it is still a safe route to take.