Approximately 140,000 patients had significant personal information that they entrusted to San Diego-based Tandem Diabetes Care, Inc. (NASDAQ: TNDM), including for some their Social Security numbers, compromised because several employees were subject to a phishing scam back in January 2020. Tandem is one of the largest insulin pump manufacturers in the world.
The compromised information included customer contact information, information related to their use of Tandem’s products and/or clinical data regarding customers’ diabetes therapy. All of it reveals sensitive personal health information about patients that is protected from disclosure under both state and federal law and that is required by law to be given heightened security protection.
Although Tandem has known about this issue for almost two months, it just revealed on March 16, 2020, that it was sending notifications of this data breach to customers over the next week.
With the current news about the COVID-19 pandemic, the timing for sending such a notice could not be worse. Many patients may not be able to process the importance of this notice or the actions they need to take to protect such data from further disclosure. They are already dealing with other personal issues, as they may be in particularly vulnerable health conditions.
In addition, with services strained because of the COVID-19 shelter orders, many consumers will likely be unable to get quick answers to basic questions about their options.
Tandem’s CEO John Sheridan has admitted that “we take the protection of our customer data very seriously, and regrettably, we did not meet the high standard we set to prevent this type of phishing attack from occurring.”
However, other than notifying consumers of this data breach by mail, Tandem at this point has not stated what, if anything, it will do to protect consumers or provide any relief to them.