Ambulance Company Proposes a $1.05 Million Settlement to Resolve Claims That It Failed to Prevent Data Breach

Empress Ambulance Service, an ambulance company that operates in many regions of New York as Empress EMS, has proposed a $1.05 million settlement to resolve claims it failed to implement appropriate cybersecurity safeguards to protect the sensitive data of patients. Empress EMS suffered a Hive ransomware attack in July 2022, in which files were encrypted and sensitive patient data was stolen. The Hive group published some of the data on its data leak site; however, Empress EMS paid the ransom, and the data was removed from the leak site. The forensic investigation confirmed the protected health information of 318,558 patients was compromised in the attack.

Several lawsuits were filed in response to the data breach and a settlement has been proposed to resolve the claims, with no admission of wrongdoing by Empress EMS. Under the terms of the settlement, class members – individuals who were notified about the data breach by Empress EMS – are entitled to submit claims for up to $10,000 for reimbursement of documented expenses incurred as a result of the data breach, such as tax and credit expenses, identity theft damages, fraudulent charges, and professional fees.

Read the source article at The HIPAA Journal