U.S.-based medical devices provider Rotech Healthcare said on Friday it was reviewing a list of patients who may have been impacted due to a cybersecurity breach experienced by its partner Philips' Respironics unit.

Orlando-based Rotech said in a statement that Respironics, which sells breathing devices and ventilators to treat sleep apnea, was made aware on June 5 of a privacy incident where an unauthorized third-party exploited a software to access information stored on its server.

Rotech said Respironics immediately took steps to secure the systems and performed further investigation and analysis.

On investigation, it was found that the third-party extracted files contained on the online server on May 31, 2023, gaining access to files that may have included details like personal information of the patients.

Dutch health technology company Philips said in an emailed response that its unit notified customers of a cyber-security incident involving MOVEit Transfer, a third-party software application enabling healthcare providers to transfer patient files containing therapy data, beginning Dec. 20.

Rotech said Respironics provided a patient list on Dec. 26 containing potentially impacted individuals which it is reviewing. It did not give any details of the patients who might have been impacted.

Rotech's products include ventilators, oxygen, wound care solutions, diabetes management and home medical equipment.

(Reporting by Sriparna Roy in Bengaluru; Editing by Maju Samuel and Muralikumar Anantharaman)