Empress Ambulance Service Settles Class Action Lawsuit for $1.05 Million
Empress Ambulance Service, an ambulance company that operates in many regions of New York as Empress EMS, has proposed a $1.05 million settlement to resolve claims it failed to implement appropriate cybersecurity safeguards to protect the sensitive data of patients. Empress EMS suffered a Hive ransomware attack in July 2022, in which files were encrypted and sensitive patient data was stolen. The Hive group published some of the data on its data leak site; however, Empress EMS paid the ransom, and the data was removed from the leak site. The forensic investigation confirmed the protected health information of 318,558 patients was compromised in the attack.
Several lawsuits were filed in response to the data breach and a settlement has been proposed to resolve the claims, with no admission of wrongdoing by Empress EMS. Under the terms of the settlement, class members – individuals who were notified about the data breach by Empress EMS – are entitled to submit claims for up to $10,000 for reimbursement of documented expenses incurred as a result of the data breach, such as tax and credit expenses, identity theft damages, fraudulent charges, and professional fees.
Alternatively, class members may choose to receive a cash payment, which will be paid pro rata after legal fees and claims have been deducted from the settlement fund. Should the claims exceed the total settlement, they will be paid pro rata and no cash payments will be made. The settlement also includes one year of credit monitoring and identity theft protection services, which include a $1 million identity theft insurance policy. The deadline for objection to or exclusion from the settlement is March 8, 2024, valid claims must be submitted by April 8, 2024, and the final approval hearing has been scheduled for April 3, 2024.