Tandem Diabetes Care alerts more than 140,000 patients to security incident
A US-based manufacturer of medical devices for diabetes patients has revealed that customer data was exposed during a phishing attack that breached five employee email accounts in January.
In a press release issued on March 16, San Diego-based Tandem Diabetes Care said the compromised email accounts contained “customer contact information, information related to the use of Tandem’s products or services, and/or clinical data regarding customer diabetes therapy”.
In some “very limited instances”, customer Social Security numbers may also have been compromised.
After discovering the attack, the company said it immediately secured the affected email accounts and launched an investigation, which found that an unauthorized user had gained access to the affected accounts between January 17-20, 2020.
Tandem Diabetes Care said there was “no indication that any customer information was accessed by the unauthorized user and there has been no indication that any customer information has been misused.”
The company said it notified potentially affected customers of the incident via letters sent out on March 17.
Customers whose Social Security numbers were potentially exposed have been offered complimentary membership of credit monitoring and identity protection services.
“We take the protection of our customer data very seriously, and regrettably, we did not meet the high standard we set to prevent this type of phishing attack from occurring,” said John Sheridan, president and chief executive officer of Tandem Diabetes Care.
“We apologize this incident took place and are continuing to invest in cyber security and data protection safeguards. In addition, we are implementing additional email security controls and strengthening our user authorization and authentication processes.”
Founded in 2006 as Phluid, Tandem Diabetes Care develops medical technologies for the treatment of diabetes and has a 20% share of the US insulin pump market.
The Daily Swig has contacted the company for comment.