Acadian Ambulance service is reporting data breach, exposing almost 3 Million people
Learn More
Acadian Ambulance Service, a Louisiana-based emergency medical care provider, is reporting a data breach that potentially affects nearly 3 million individuals. They are founded in 1971 and provide emergency and non-emergency medical care across Louisiana, Mississippi, Tennessee, and Texas.
The breach, which occurred in June 2024, involved a ransomware attack by the Daixin group, which claims to have stolen and published sensitive patient information on its dark web leak site.
On June 21, 2024, Acadian Ambulance detected suspicious activity on its network. The company took steps to secure its systems and launched an investigation with third-party cybersecurity experts. The investigation confirmed that between June 19 and June 21, unauthorized access occurred, and certain files and folders were stolen.
The breach potentially exposed sensitive information, including:
- Names
- Addresses
- Social Security numbers
- Birthdates
- Medical information (such as patient case histories, "suspected drug use," and physician "care point" documentation)
Approximately 2.89 million are affected, as reported to the U.S. Department of Health and Human Services (HHS). Daixin claims the breach affects up to 10 million patients, although Acadian disputes this figure.
Acadian Ambulance notified the affected individuals and the U.S. Department of Health and Human Services on August 20, 2024. The company is providing free identity and credit monitoring services to those affected.
As of September 2024, Acadian Ambulance faces at least 10 proposed federal class action lawsuits related to the breach. The lawsuits allege negligence in failing to implement adequate security measures to protect sensitive personal information.
