The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Transformative Healthcare Sued Over Fallon Ambulances Service Data Breach

Posted By on Jan 25, 2024

Transformative Healthcare is facing legal action over a recently disclosed data breach that affected 911,757 patients of the Fallon Ambulance Service. The lawsuit also names Coastal Medical Transportation Systems, LLC, as a defendant. Coastal Medical Transportation Systems acquired Fallon Ambulance Services in September 2022, although the data breached was an archive copy of data from before the acquisition.

The lawsuit – Daniel Durgin v. Transformative Healthcare, LLC, and Coastal Medical Transportation Systems, LLC – was filed in the U.S. District Court for the District of Massachusetts on January 18, 2023, on behalf of Daniel Durgin, who received emergency medical transportation from the Fallon Ambulance Service before it ceased operations in December 2022. The lawsuit alleges the defendants should have known how to keep sensitive data protected, yet failed to implement reasonable and appropriate cybersecurity measures and comply with industry security standards, which allowed hackers to gain access to the plaintiff’s and class members’ sensitive data.

The lawsuit claims the plaintiff and class have incurred costs and expenses associated with the time spent mitigating the consequences of the data breach, including checking credit reports for signs of misuse of their data, purchasing credit monitoring services, and having to deal with withdrawal and purchase limits on their accounts, as well as the loss of property value of their personal information, and stress, nuisance, and aggravation of having to deal with the issues caused by the data breach.

The plaintiff and class asset claims of negligence, breach of implied contract, unjust enrichment/quasi-contract, and breach of fiduciary duty. The lawsuit seeks class-action status, a jury trial, monetary and statutory damages, and injunctive relief.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The plaintiff and class are represented by David Pastor of Pastor Law Office, PC, and Nicholas A. Migliaccio and Jason Rathod of Migliaccio & Rathod LLP.

January 2, 2024: More Than 911,000 Individuals Affected by Fallon Ambulance Service Data Breach

Legal counsel for Transformative Healthcare, a Newton MA-based medical, transportation & logistics company, has notified the HHS’ Office for Civil Rights about a data breach that has affected 911,757 individuals. The data breach affected individuals who had previously received services from the Fallon Ambulance Service, the Massachusetts medical transportation arm of Transformative Healthcare. Fallon responded to patient emergencies in the greater Boston area and provided administrative services for affiliated medical transportation companies.

In September 2022, Fallon Ambulance Service was acquired by Coastal Medical Transportation Systems and ceased business operations in December 2022. In order to comply with legal data retention requirements, Transformative Healthcare retained an archived copy of data that was previously stored on Fallon’s computer systems. On or around April 21, 2023, Transformative Healthcare detected unauthorized activity in its archive environment. Prompt action was taken to prevent further unauthorized access and an investigation was launched to determine the extent of the breach. The forensic investigation confirmed that an unauthorized third party gained access to the archive on February 17, 2023, and retained access to the archive environment until April 22, 2023. During that time, files were copied from the archive.2

The affected files were reviewed and that process was completed on December 27, 2023, when it was confirmed that the files contained names, addresses, Social Security numbers, medical information including COVID-19 testing/ vaccination information, and information provided to Fallon in connection with employment or application for employment.

While data was removed from the archive, neither Fallon nor Transformative Healthcare have found any evidence to indicate misuse of the data. Affected patients were notified by mail on December 27, 2023, and credit monitoring and identity theft protection services are being offered to the affected individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist