Numotion, a major provider of wheelchairs and mobility equipment, has confirmed a significant data breach affecting the personal and protected health information of almost 500,000 individuals. This breach, stemming from compromised employee email accounts, adds to a series of security incidents plaguing the company.
The Numotion Data breach, discovered between September 2nd and November 18th, 2024, resulted from successful phishing attacks targeting Numotion employees. While Numotion states there’s no evidence of data misuse, the exposed information varied widely among affected individuals.
This includes names, dates of birth, product information, financial details, health insurance information, and medical records. A smaller subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.
Numotion is mailing individual notification letters and offering complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were compromised.
The company maintains it has “no reason to believe that the accounts were accessed to obtain personal information, and no evidence has been found to indicate any information in the accounts has been stolen and misused.”
However, this statement does little to alleviate concerns given the sensitive nature of the exposed data.
Numotion Data Breach is not an isolated incident for Numotion. In March 2024, a ransomware attack impacted the data of 602,265 individuals. Furthermore, a separate email breach reported in November 2024, detected on September 6th, 2024, compromised the protected health information of 2,319 individuals. The overlap in dates suggests a vulnerability window of nearly three months.
Several lawsuits have already been filed against Numotion, alleging negligence in failing to implement adequate data security measures. These legal actions highlight the serious consequences of insufficient cybersecurity protocols for organizations handling sensitive personal and health information.
The scale of these breaches underscores the urgent need for robust cybersecurity strategies within the healthcare and mobility equipment sectors. The ongoing legal battles and reputational damage will undoubtedly impact Numotion’s future operations.
