ZMC A.I CyberSecurity Scoring
ZMC
Company Information
Website:http://www.zoll.com
Employees number:6,056
Number of followers:148,839
NAICS:3391
Industry Type:Medical Equipment Manufacturing
Homepage:zoll.com
ZMC Risk Score (AI oriented)
Between 550 and 599
ZMCMedical Equipment Manufacturing
Updated:
23/04/2026
23/04/2026
581/1000
Very Poor
Ca
ZMC Global Score (TPRM)
xxxx
ZMCMedical Equipment Manufacturing
Score locked

ZMCVery Poor
Current Score
581Ca (VERY POOR)
01000
6 incidents
-61 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
589
JUNE 2026
588
MAY 2026
583
APRIL 2026
642
Breach
22 Apr 2026 • ZMC
Barracuda Networks, Inc., Zoll Medical Corporation, Blackbaud and Inc.: Legal Analysis: Insurer Subrogation Rights Under Scrutiny
Court Rulings on Subrogation Rights in Cybersecurity Breaches: Axis v. Barracuda and Travelers v. Blackbaud
581
CRITICAL-61
BLABARZOL1776911191
Court Rulings Shape Subrogation Rights in Cybersecurity Breaches: Key Cases Define Vendor Liability
Two recent court decisions Axis Insurance Company v. Barracuda Networks, Inc. (2025) and Travelers Casualty and Surety Company of America v. Blackbaud, Inc. (2026) have clarified the limits of insurers’ subrogation rights against vendors following data breaches, with outcomes hinging on contractual relationships and legal standing.
### Axis v. Barracuda: No Privity, No Subrogation
In Axis v. Barracuda, the U.S. First Circuit Court of Appeals ruled on November 20, 2025, that insurer Axis could not pursue subrogation against Barracuda Networks after a breach exposed Zoll Medical Corporation’s customer data. The case stemmed from a 2023 incident where Barracuda’s email archiving service, used by Zoll’s vendor Fusion LLC, was compromised. Zoll settled a class-action lawsuit from affected customers and sought recovery from Fusion and Barracuda.
The court rejected Axis’s equitable indemnification claim, finding no direct or vicarious contractual relationship between Zoll and Barracuda only a chain of independent contracts (Zoll-Fusion, Fusion-Barracuda). Without privity, the court ruled that equitable indemnification, a narrow remedy, could not reallocate risk post-breach. The First Circuit also dismissed Axis’s breach-of-contract claim, affirming that Fusion failed to meet a contractual condition precedent (a liability-limiting provision) and that Barracuda’s lack of audit obligations did not waive this defense. Similarly, Axis’s claim for breach of the covenant of good faith failed, as Fusion had not negotiated protections for breach scenarios.
### Travelers v. Blackbaud: Direct Contracts Enable Subrogation
In contrast, the Delaware Supreme Court ruled on February 13, 2026, in Travelers v. Blackbaud that insurers could proceed with subrogation claims against the software provider. Blackbaud, which provided donor management services to nonprofits, suffered a 2020 ransomware attack but offered clients only a self-remediation "toolkit" instead of direct support. Insurers, including Travelers, covered their policyholders’ incident response costs (legal fees, notifications, credit monitoring) and sued Blackbaud for recovery.
The lower court dismissed the case, citing insufficiently pleaded aggregate claims under New York law. However, the Delaware Supreme Court overturned the decision, finding that the insurers had adequately alleged breach of contract. Unlike Axis, the insureds had direct contracts with Blackbaud, giving insurers standing to pursue subrogation. The court emphasized that Blackbaud could address individual claims through discovery, and that foreseeable breach-related costs (e.g., remediation expenses) constituted recoverable damages.
### Key Takeaways: Contracts Determine Liability
The rulings underscore a critical distinction: subrogation claims against vendors require a direct contractual relationship between the insured and the breached party. In Axis, the lack of privity doomed the claim, while Travelers succeeded because the insureds’ contracts with Blackbaud established clear liability pathways. Both decisions reinforce that:
- Equitable indemnification is unavailable without a direct or derivative contractual link.
- Breach-of-contract claims hinge on compliance with contractual terms, including conditions precedent.
- Aggregate subrogation may proceed if insurers plead sufficient facts, as seen in Travelers.
The cases signal that cyber insurers and policyholders must scrutinize vendor contracts for liability clauses, indemnification rights, and subrogation waivers to mitigate exposure in breach scenarios.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
639
FEBRUARY 2026
638
JANUARY 2026
635
DECEMBER 2025
633
NOVEMBER 2025
630
OCTOBER 2025
627
SEPTEMBER 2025
624
AUGUST 2025
621
NOVEMBER 2023
603
Breach
01 Nov 2023 • ZMC
ZOLL Medical Corporation
Data Breach at ZOLL Medical Corporation
541
HIGH-62
ZOL609072525
On December 18, 2023, the Vermont Office of the Attorney General reported a data breach at ZOLL Medical Corporation due to a phishing attack that potentially affected personal information of individuals, including names, addresses, and Social Security numbers. The incident was discovered on or about November 1, 2023, but the number of individuals affected is not specified.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2023
654
Breach
02 Aug 2023 • ZMC
ZOLL Medical Corporation
Phishing Attack on ZOLL Medical Corporation
593
HIGH-61
ZOL254080425
The California Office of the Attorney General reported on December 18, 2023, that ZOLL Medical Corporation experienced a phishing attack on August 2, 2023, potentially affecting personal information of individuals, including names, addresses, and Social Security numbers. The exact number of individuals affected is unknown, and no misuse of information has been indicated.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2023
725
Breach
28 Jan 2023 • ZMC
ZOLL Medical Corporation
ZOLL Medical Corporation Data Breach
640
CRITICAL-85
ZOL506072625
The Maine Office of the Attorney General reported that ZOLL Medical Corporation experienced a data breach involving an external system hack, disclosed on March 10, 2023. The breach occurred between January 28, 2023, and January 29, 2023, potentially affecting the personal information of 1,004,443 individuals, including Social Security numbers.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2019
716
Data Leak
01 Mar 2019 • ZMC
ZOLL Medical Corporation
ZOLL Data Exposure Incident
654
MEDIUM-62
ZOL7412323
ZOLL discovered that some emails archived by an unnamed third-party service provider had been exposed during a server migration.
At this point, the company is not aware of any fraud or identity theft to any individual as a result of this exposure.
The compromised information includes patient names, addresses, dates of birth, and limited medical information.
A small percentage of patients also had Social Security numbers exposed.
ZOLL offered free credit and identity monitoring services for one year to impacted patients where available.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2018
777
Breach
08 Nov 2018 • ZMC
ZOLL Services LLC
ZOLL Services LLC Data Security Incident
711
CRITICAL-66
ZOL731072825
The California Office of the Attorney General reported that ZOLL Services LLC experienced a data security incident potentially exposing personal information from November 8, 2018, to December 28, 2018. The breach involved an external third-party vendor and may have included names, addresses, dates of birth, limited medical information, and Social Security numbers of individuals. Approximately UNKN individuals are impacted.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for ZMC ??
What was ZMC's A.I Rankiteo Cyber Score in June 2026 ??
What was ZMC's A.I Rankiteo Cyber Score in May 2026 ??
What was ZMC's A.I Rankiteo Cyber Score in April 2026 ??
What was ZMC's A.I Rankiteo Cyber Score in March 2026 ??
What was ZMC's A.I Rankiteo Cyber Score in February 2026 ??
What was ZMC's A.I Rankiteo Cyber Score in January 2026 ??
What was ZMC's A.I Rankiteo Cyber Score in December 2025 ??
What was ZMC's A.I Rankiteo Cyber Score in November 2025 ??
What was ZMC's A.I Rankiteo Cyber Score in October 2025 ??
What was ZMC's A.I Rankiteo Cyber Score in September 2025 ??
What was ZMC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on ZMC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with ZMC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view ZMC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?