Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
ZOLL Medical Corporation

ZOLL Medical Corporation Vendor Cyber Rating & Cyber Score

zoll.com

ZOLL Medical Corporation, an Asahi Kasei Group Company, develops and markets medical devices and software solutions that help advance emergency care and save lives, while increasing clinical and operational efficiencies. With products for defibrillation and monitoring, circulation and CPR feedback, data management, therapeutic temperature management, and ventilation, ZOLL provides a comprehensive set of technologies that help clinicians, EMS and fire professionals, and lay rescuers treat victims needing resuscitation and acute critical care. The Asahi Kasei Group is a diversified group of companies led by holding company Asahi Kasei Corp., with operations in the material, homes, and health care business sectors. Its health care operations


ZMC A.I CyberSecurity Scoring

ZMC
Company Information
Website:http://www.zoll.com
Employees number:6,056
Number of followers:148,839
NAICS:3391
Industry Type:Medical Equipment Manufacturing
Homepage:zoll.com
ZMC Risk Score (AI oriented)
Between 550 and 599
logo
ZMCMedical Equipment Manufacturing
Updated:
23/04/2026
581/1000
Very Poor
Ca
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
ZMC Global Score (TPRM)
xxxx
logo
ZMCMedical Equipment Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

ZMC
ZMCVery Poor
Current Score
581Ca (VERY POOR)
01000
6 incidents
-61 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
589Before Incident
JUNE 2026
588Before Incident
MAY 2026
583Before Incident
APRIL 2026
642Before Incident
Breach
22 Apr 2026ZMC
Barracuda Networks, Inc., Zoll Medical Corporation, Blackbaud and Inc.: Legal Analysis: Insurer Subrogation Rights Under Scrutiny

Court Rulings on Subrogation Rights in Cybersecurity Breaches: Axis v. Barracuda and Travelers v. Blackbaud

581After Incident
CRITICAL-61
BLABARZOL1776911191
Court Rulings Shape Subrogation Rights in Cybersecurity Breaches: Key Cases Define Vendor Liability Two recent court decisions Axis Insurance Company v. Barracuda Networks, Inc. (2025) and Travelers Casualty and Surety Company of America v. Blackbaud, Inc. (2026) have clarified the limits of insurers’ subrogation rights against vendors following data breaches, with outcomes hinging on contractual relationships and legal standing. ### Axis v. Barracuda: No Privity, No Subrogation In Axis v. Barracuda, the U.S. First Circuit Court of Appeals ruled on November 20, 2025, that insurer Axis could not pursue subrogation against Barracuda Networks after a breach exposed Zoll Medical Corporation’s customer data. The case stemmed from a 2023 incident where Barracuda’s email archiving service, used by Zoll’s vendor Fusion LLC, was compromised. Zoll settled a class-action lawsuit from affected customers and sought recovery from Fusion and Barracuda. The court rejected Axis’s equitable indemnification claim, finding no direct or vicarious contractual relationship between Zoll and Barracuda only a chain of independent contracts (Zoll-Fusion, Fusion-Barracuda). Without privity, the court ruled that equitable indemnification, a narrow remedy, could not reallocate risk post-breach. The First Circuit also dismissed Axis’s breach-of-contract claim, affirming that Fusion failed to meet a contractual condition precedent (a liability-limiting provision) and that Barracuda’s lack of audit obligations did not waive this defense. Similarly, Axis’s claim for breach of the covenant of good faith failed, as Fusion had not negotiated protections for breach scenarios. ### Travelers v. Blackbaud: Direct Contracts Enable Subrogation In contrast, the Delaware Supreme Court ruled on February 13, 2026, in Travelers v. Blackbaud that insurers could proceed with subrogation claims against the software provider. Blackbaud, which provided donor management services to nonprofits, suffered a 2020 ransomware attack but offered clients only a self-remediation "toolkit" instead of direct support. Insurers, including Travelers, covered their policyholders’ incident response costs (legal fees, notifications, credit monitoring) and sued Blackbaud for recovery. The lower court dismissed the case, citing insufficiently pleaded aggregate claims under New York law. However, the Delaware Supreme Court overturned the decision, finding that the insurers had adequately alleged breach of contract. Unlike Axis, the insureds had direct contracts with Blackbaud, giving insurers standing to pursue subrogation. The court emphasized that Blackbaud could address individual claims through discovery, and that foreseeable breach-related costs (e.g., remediation expenses) constituted recoverable damages. ### Key Takeaways: Contracts Determine Liability The rulings underscore a critical distinction: subrogation claims against vendors require a direct contractual relationship between the insured and the breached party. In Axis, the lack of privity doomed the claim, while Travelers succeeded because the insureds’ contracts with Blackbaud established clear liability pathways. Both decisions reinforce that: - Equitable indemnification is unavailable without a direct or derivative contractual link. - Breach-of-contract claims hinge on compliance with contractual terms, including conditions precedent. - Aggregate subrogation may proceed if insurers plead sufficient facts, as seen in Travelers. The cases signal that cyber insurers and policyholders must scrutinize vendor contracts for liability clauses, indemnification rights, and subrogation waivers to mitigate exposure in breach scenarios.
INCIDENT DETAILS -
TYPE
Data BreachRansomware
IMPACT
Data Compromised: Customer data (Zoll Medical Corporation), donor management data (nonprofits)Email archiving service (Barracuda)Donor management software (Blackbaud)Operational Impact: Class-action lawsuits, incident response costs, credit monitoringClass-action settlementsRegulatory scrutiny
DATA BREACH
Customer dataDonor management dataSensitivity Of Data: Personally identifiable information (PII)Personally Identifiable Information: Yes
MARCH 2026
639Before Incident
FEBRUARY 2026
638Before Incident
JANUARY 2026
635Before Incident
DECEMBER 2025
633Before Incident
NOVEMBER 2025
630Before Incident
OCTOBER 2025
627Before Incident
SEPTEMBER 2025
624Before Incident
AUGUST 2025
621Before Incident
NOVEMBER 2023
603Before Incident
Breach
01 Nov 2023ZMC
ZOLL Medical Corporation

Data Breach at ZOLL Medical Corporation

541After Incident
HIGH-62
ZOL609072525
On December 18, 2023, the Vermont Office of the Attorney General reported a data breach at ZOLL Medical Corporation due to a phishing attack that potentially affected personal information of individuals, including names, addresses, and Social Security numbers. The incident was discovered on or about November 1, 2023, but the number of individuals affected is not specified.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaddressesSocial Security numbers
DATA BREACH
namesaddressesSocial Security numbers
AUGUST 2023
654Before Incident
Breach
02 Aug 2023ZMC
ZOLL Medical Corporation

Phishing Attack on ZOLL Medical Corporation

593After Incident
HIGH-61
ZOL254080425
The California Office of the Attorney General reported on December 18, 2023, that ZOLL Medical Corporation experienced a phishing attack on August 2, 2023, potentially affecting personal information of individuals, including names, addresses, and Social Security numbers. The exact number of individuals affected is unknown, and no misuse of information has been indicated.
INCIDENT DETAILS -
TYPE
Phishing Attack
IMPACT
namesaddressesSocial Security numbers
DATA BREACH
namesaddressesSocial Security numbers
JANUARY 2023
725Before Incident
Breach
28 Jan 2023ZMC
ZOLL Medical Corporation

ZOLL Medical Corporation Data Breach

640After Incident
CRITICAL-85
ZOL506072625
The Maine Office of the Attorney General reported that ZOLL Medical Corporation experienced a data breach involving an external system hack, disclosed on March 10, 2023. The breach occurred between January 28, 2023, and January 29, 2023, potentially affecting the personal information of 1,004,443 individuals, including Social Security numbers.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Personal InformationSocial Security Numbers
DATA BREACH
Personal InformationSocial Security NumbersSensitivity Of Data: High
MARCH 2019
716Before Incident
Data Leak
01 Mar 2019ZMC
ZOLL Medical Corporation

ZOLL Data Exposure Incident

654After Incident
MEDIUM-62
ZOL7412323
ZOLL discovered that some emails archived by an unnamed third-party service provider had been exposed during a server migration. At this point, the company is not aware of any fraud or identity theft to any individual as a result of this exposure. The compromised information includes patient names, addresses, dates of birth, and limited medical information. A small percentage of patients also had Social Security numbers exposed. ZOLL offered free credit and identity monitoring services for one year to impacted patients where available.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
patient namesaddressesdates of birthlimited medical informationsocial security numbers
DATA BREACH
patient namesaddressesdates of birthlimited medical informationsocial security numbersSensitivity Of Data: Highpatient namesaddressesdates of birthsocial security numbers
NOVEMBER 2018
777Before Incident
Breach
08 Nov 2018ZMC
ZOLL Services LLC

ZOLL Services LLC Data Security Incident

711After Incident
CRITICAL-66
ZOL731072825
The California Office of the Attorney General reported that ZOLL Services LLC experienced a data security incident potentially exposing personal information from November 8, 2018, to December 28, 2018. The breach involved an external third-party vendor and may have included names, addresses, dates of birth, limited medical information, and Social Security numbers of individuals. Approximately UNKN individuals are impacted.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaddressesdates of birthlimited medical informationSocial Security numbers
DATA BREACH
namesaddressesdates of birthlimited medical informationSocial Security numbersNumber Of Records Exposed: UNKNSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for ZMC ?
?
What was ZMC's A.I Rankiteo Cyber Score in June 2026 ?
?
What was ZMC's A.I Rankiteo Cyber Score in May 2026 ?
?
What was ZMC's A.I Rankiteo Cyber Score in April 2026 ?
?
What was ZMC's A.I Rankiteo Cyber Score in March 2026 ?
?
What was ZMC's A.I Rankiteo Cyber Score in February 2026 ?
?
What was ZMC's A.I Rankiteo Cyber Score in January 2026 ?
?
What was ZMC's A.I Rankiteo Cyber Score in December 2025 ?
?
What was ZMC's A.I Rankiteo Cyber Score in November 2025 ?
?
What was ZMC's A.I Rankiteo Cyber Score in October 2025 ?
?
What was ZMC's A.I Rankiteo Cyber Score in September 2025 ?
?
What was ZMC's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on ZMC's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with ZMC ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view ZMC's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?