Patient data is stored in a medical device, such as an external defibrillator, and may be transferred, or downloaded, from the medical device to a computing device for storage or analysis. In response to the transfer, the medical device protects the patient data so that at least a subset of users cannot access the patient data from the medical device. The other device to which patient data is transferred from the medical device may be remote from the medical device or may be configured to be part of the medical device. The device to which the patient data is transferred from the medical device can be a remote computing device like a computer or server and/or may include or may be an intermediary data management device (DMD). The medical device may be a wearable medical device, such as a wearable defibrillator or a wearable automatic external defibrillator (AED).