Acadian Ambulance Facing Multiple Class Action Lawsuits Over Data Breach
Several class action lawsuits have been filed against Acadian Ambulance over a recent ransomware attack and data breach that may have affected up to 10 million individuals. At the time of publication, the breach has yet to be reported to the HHS’ Office for Civil Rights, so it is unclear exactly how many individuals have been affected.
The threat group behind the attack, Daixin Team, claimed to have stolen 11 million lines of data, including 10 million unique records. The group said the stolen data includes names, dates of birth, phone numbers, medical histories, case histories, employment information, symptoms, suspected drug use, as well as employee information. Acadian Ambulance has confirmed the attack, and while the total number of affected individuals has yet to be determined, Acadian Ambulance says it is much lower than the attackers allege.
Acadian Ambulance is a Lafayette, LA-based private ambulance service that operates in Louisiana, Texas, Tennessee, and Mississippi. At least six lawsuits have now been filed in the U.S. District Court for the Western District of Louisiana over the data breach, individually by Louisiana residents Angela Broussard, Benjamin Fontenot, and Dari Vizier and Texas residents Anita Robertson Hulse, April Butler, and Dylan Stanford, and on behalf of other employees and users of the Acadian Ambulance service.
The lawsuits assert claims of negligence, breach of implied contract, breach of fiduciary duty, unjust enrichment, and invasion of privacy. The plaintiffs claim Acadian Ambulance failed to implement reasonable and appropriate cybersecurity measures despite warnings over several years of a high risk of cyberattacks on healthcare organizations. Further, the plaintiffs claim that Acadian Ambulance was retaining personally identifiable information and protected health information for longer than was necessary, did not encrypt that data, and then failed to provide adequate information about the breach to allow the affected individuals to take appropriate steps to protect themselves against the misuse of their data. As a result of the data breach, the plaintiffs claim they face an immediate and elevated risk of identity theft and fraud and have had to spend time and money mitigating the effects of the data breach.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The lawsuits seek class action certification, a jury trial, damages, legal costs and attorneys’ fees, and injunctive relief, including an order from the court requiring Acadian Ambulance to improve cybersecurity to prevent similar breaches in the future. The lawsuits make similar allegations and are based on the same facts so are likely to be consolidated into a single action.
