Superior Air-Ground Ambulance Service Facing Class Action Lawsuit Over 858K-Record Data Breach
Superior Air-Ground Ambulance Service is facing a class action lawsuit over a data breach that affected more than 858,000 individuals. Superior Air-Ground Ambulance Service is the largest independent and locally owned emergency medical services provider in the greater Chicagoland area and operates in 5 states in the Midwest.
Unauthorized access to its network was detected in May 2024, and the forensic investigation confirmed that an unauthorized third party had access to its network for a week and copied files that contained patients’ protected health information. The information stolen in the attack included names, addresses, dates of birth, Social Security numbers, driver’s license/state identification numbers, financial account and payment card information, patient record information, medical diagnosis/condition information, treatment information, and health insurance information. 858,238 patients were affected and had their data stolen in the attack.
On June 6, 2024, a lawsuit was filed in the U.S. District Court for the Northern District of Illinois by Kirston Spann II whose personal and protected health information was stolen in the attack. The lawsuit alleges the plaintiff and other similarly situated individuals have suffered concrete injuries as a result of the data breach and those injuries were the result of the defendant’s negligence.
The lawsuit alleges the defendant maintained private information in a reckless manner and failed to implement reasonable and appropriate security measures to keep sensitive information private, including conducting regular security updates and implementing data encryption. The lawsuit alleges the defendant failed to comply with the federal Health Insurance Portability and Accountability Act (HIPAA) and state laws, and had appropriate security measures been implemented, the data breach could have been prevented. The lawsuit also alleges an unnecessary delay in issuing breach notification letters to the affected individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
As a result of those failures, more than 858,000 individuals have had their privacy violated, are receiving increased spam communications, and their private information is in the hands of cybercriminals and has been shared on the dark web.
The lawsuit seeks class action certification, a jury trial, statutory damages, nominal damages for the misuse of their private information, and injunctive relief, including an order from the court requiring the defendant to improve security to prevent similar data breaches in the future.
