U.S. wheelchair maker Numotion says data breach impacted half a million customers

Tennessee-based healthcare mobility services provider Numotion recently suffered a serious data security incident that compromised the sensitive personal information of nearly half a million individuals.

 

Headquartered in Brentwood, Tennessee, United Seating and Mobility, LLC, doing business as Numotion, is one of the largest manufacturers of wheelchairs and other health-related mobility products. The company is a leader in Complex Rehab Technology solutions in the U.S., offering manual and powered wheelchairs, catheters, electric scooters, lift chairs, adjustable beds and patient lifts.

 

In a data security incident notice published on its website, Numotion said that it recently became aware of a data security incident that involved an unauthorised third party accessing certain employee email accounts on several occasions between September 2, 2024, and November 18, 2024.

 

After discovering the unauthorised access to the email accounts, the company immediately launched an extensive investigation and reviewed the contents of the compromised email accounts to determine the scope of the incident.

 

“Numotion has no reason to believe that anyone was trying to access personal information in the accounts, and there is no indication that any information has been used for fraud or identity theft. Nevertheless, out of an abundance of caution, Numotion undertook an extensive review of the emails that may have been accessed. 

 

“On January 22, 2025, we determined that the emails at-issue contained some customers’ information,” the healthcare mobility company said.

 

The compromised data included customers’ names, dates of birth, social security numbers, driver’s license numbers, product information, payment and financial account information, health insurance information and medical information. 

 

The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights where Numotion said that it identified at least 494,326 individuals who were impacted by the incident.

 

While Numotion found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. It has also offered complimentary identity protection and credit monitoring services to individuals whose Social Security Numbers were affected during the incident.

 

In September, the Black Basta ransomware group claimed responsibility for the cyber attack on Numotion and listed it as a victim on its data leak site. The company has not responded to the hacker group’s claims and has not commented on whether it received a ransom demand.