Philips Respironics reported that it used a software made by a third party, Progress Software, as a system for exchanging files containing therapy data from sleep and respiratory devices. The software, MOVEit Transfer, which is widely used by organizations to transfer files, contained a vulnerability allowing it to be exploited.
Philips Respironics reported to the Company that the investigation performed by Philips Respironics revealed that information was accessed by unauthorized actors on May 31, 2023 due to the vulnerability in MOVEit Transfer software. The affected personal information may have included names, contact information, dates of birth, medical information relating to sleep and respiratory care, and health insurance information. Philips Respironics reported that its investigation determined that financial information such as social security numbers or credit card information was not included in this incident. On December 21, 2023, Philips Respironics informed Company that personal information of some patients who used sleep and respiratory devices provided by Company was exposed.
Philips Respironics has notified Company’s impacted patients for whom it had current contact information and arranged to provide identity protection services including credit monitoring at no charge to affected patients. Individuals who did not receive notification but believe their information may have been affected can call 888-541-7970, Monday through Friday, 9:00 AM to 9:00 PM Eastern Time.
