InPen Data Breach Lawsuit Investigation: Did Medtronic Violate Patients’ Privacy?

Last Updated on April 19, 2023

Contact Us

Comments |

At A Glance

This Alert Affects:
Anyone who received a data breach letter from Medtronic informing them that their or their child’s personal information may have been shared with Google
What’s Going On?
Medtronic recently reported that users of its InPen diabetes management app may have had their private health information secretly shared with Google through tracking and analytics tools. Now, attorneys working with ClassAction.org are investigating whether a class action lawsuit can be filed on behalf of consumers over potential privacy violations.
How Could a Lawsuit Help?
A class action lawsuit could help compensate InPen users for the unauthorized disclosure of their medical information and possibly force Medtronic to improve its data privacy practices.
What You Can Do
If you received an InPen data breach letter, which can be viewed here, fill out the form on this page to find out how you may be able to help the investigation.

Attorneys working with ClassAction.org want to hear from anyone who received a letter from Medtronic about the InPen data breach.

Specifically, Medtronic recently announced that users of its InPen diabetes management app may have had their personal and health information secretly disclosed to Google through tracking and analytics tools within the app. The company has stated that anyone who registered for or used an InPen account since September 2020 may have been affected.

The attorneys believe Medtronic may have failed to implement proper data security practices to protect patients’ sensitive information and are investigating whether a class action lawsuit can be filed.

If you received this data breach notice from Medtronic, including on behalf of your child, find out how you may be able to help the investigation.

Medtronic InPen Data Breach

Medtronic recently began notifying InPen app users of a “data privacy incident” that may have exposed their personal and health information without permission.

The company stated that on February 13, 2023, it determined that certain tracking and authentication tools used in the InPen app (specifically, Google Analytics, Crashlytics and Firebase Authentication) may have collected and disclosed to Google certain information about users and their InPen app activity, particularly when logged into their Google accounts while using the app.

After an investigation, Medtronic determined that the data shared with Google may have included users’ personal and health information. 

What Information Was Exposed in the InPen Data Breach?

According to Medtronic’s data breach letter, the following patient information may have been shared with Google:

  • Email addresses
  • Phone numbers
  • IP addresses
  • InPen usernames and passwords
  • Timestamp information related to certain actions taken in the InPen app
  • Unique identifiers tied to users’ InPen accounts
  • Unique identifiers tied to users’ mobile devices (such as advertising IDs)

How Could Tracking Software Expose Patients’ Medical Information?

Analytics and tracking technology such as the tools offered by Google have the capacity to collect all kinds of information about how consumers use websites and apps. Because the software can be programmed to track any actions consumers take – including the information they enter into a site or app, the buttons they click on, and the content they view – it’s possible that consumers’ sensitive information could be tracked and disclosed.

For example, non-profit news organization The Markup reported in June 2022 that 33 percent of the country’s top hospitals were sharing patients’ sensitive medical information with Facebook through the social media platform’s tracking pixel. Specifically, when a patient booked an appointment online, the pixel collected and shared with Facebook “an intimate receipt of the appointment request,” which may have included doctors’ names, search terms and medical conditions selected from a dropdown menu. Depending on the data shared, the pixel could potentially allow Facebook to identify particular patients and their medical information.

How Could a Lawsuit Help?

A class action lawsuit, if successful, could help compensate InPen app users for potential privacy violations. It could also force Medtronic to implement stronger data security practices to ensure that users’ information is protected in the future.

What You Can Do

If you received an InPen data breach letter stating that your or your child’s personal information may have been shared with Google, fill out the form on this page to find out how you can help the investigation.

After you get in touch, an attorney or legal representative may reach out to you directly to ask you a few questions and address any concerns you may have. It costs nothing to fill out the form or speak with someone, and you’re not obligated to take legal action if you don’t want to.

Before commenting, please review our comment policy.

The information submitted on this page will be forwarded to Milberg Coleman Bryson Phillips Grossman, PLLC who has sponsored this investigation.

Contact Us