Medtronic is facing a new class-action lawsuit that alleges the company shared the personal data of some of its customers with third-party advertisers.
The lawsuit names both Medtronic and the company’s MiniMed subsidiary as defendants. The lead plaintiff is a Medtronic customer, A.H., who started using Medtronic’s InPen Diabetes Management smartphone app in July 2020.
According to the lawsuit, A.H., individually and on behalf of all others similarly situated v. Medtronic MiniMed Inc. and MiniMed Distribution Corp, the plaintiff found out in April 2023 that Medtronic had “made the conscious decision” to transmit the personally identifiable information (PII) and protected health information (PHI) of InPen app patients to third-party sites such as Google. This included patient names, phone numbers, email addresses, IP addresses, device identifiers and “other sensitive medical information.”
“Plaintiff reasonably expected that his communications with MiniMed were confidential and private, and that such communications would remain confidential,” according to the lawsuit. “Under no circumstance did he expect or anticipate that his confidential and protected Private Information would be transmitted to and/or intercepted by Google and other third parties.”
The complaint continues, emphasizing the potential impact of this information being shared with Google.
“MiniMed’s disclosures of PII and PHI to Google is particularly problematic because Google provides web services—such as YouTube and Gmail—that give it access to InPen users’ real identity and device identifiers,” according to the lawsuit. “Plaintiff used his mobile device to access the app, and he also uses it to access his Gmail account. As a result, his PII and PHI were automatically linked to his real identity.”
The plaintiff’s complaint concludes by describing the actions of Medtronic/MiniMed as “immoral, unethical, oppressive and unscrupulous.”
Medtronic’s response to the class-action lawsuit
“Medtronic has not been served and will review the complaint once we receive it,” the company said in a statement sent to Cardiovascular Business. “It’s important to note that protecting patient information is critically important to Medtronic. We have strong processes, technologies, and people in place to safeguard and protect our information and systems, the information of our business partners, and most importantly, the privacy and safety of the patients and healthcare providers that use our products.”