Ambulance Billing Company Comstar Hit with Class Action Over 2022 Data Breach
by Erin Shaak
Davis v. Comstar, LLC
Filed: July 12, 2022 ◆§ 1:22-cv-11119
A proposed class action lawsuit alleges Comstar, LLC’s failure to properly secure consumers’ private information led to a data breach in March 2022.
Massachusetts
A proposed class action lawsuit alleges Comstar, LLC’s failure to properly secure consumers’ private information led to a data breach in March 2022.
Comstar, a Massachusetts-based ambulance billing and collections service company, discovered “suspicious activity” on its servers on or about March 26, 2022, the 31-page complaint says. Per the case, cybercriminals were able to gain access to certain patient information provided to Comstar by ambulance and emergency medical service providers.
The data exposed during the incident included patients’ names, dates of birth, medical assessments and medication administration, health insurance information, driver’s licenses, financial account information and Social Security numbers, the suit says.
The lawsuit, filed by a man who used a Rhode Island-based ambulance service that was a customer of Comstar, alleges the data breach was a direct result of the company’s failure to maintain adequate cybersecurity systems, delete unneeded data containing patients’ sensitive information and train its employees on proper cybersecurity measures.
According to the case, those whose information was compromised now face “lifelong harm,” including a risk of identity theft and fraud.
The suit says that although Comstar discovered the data breach in late March, many patients whose data was compromised in the incident did not receive notice until months later, in early June 2022. Moreover, Comstar “disclosed little” about its investigation in the data breach notice posted on its website, the case says.
“Indeed, the Breach Notice did not disclose or was unable to disclose when cybercriminals hacked its systems, how Comstar allowed them to do so, why Comstar was unable to stop it, and what information hackers obtained and from whom,” the complaint reads. “Instead, Comstar issued a bare-bones notice informing Data Breach victims that their highly sensitive [protected health information] may have been compromised.”
The lawsuit goes on to state that Comstar has not offered data breach victims any free credit monitoring or identity theft protection services, even though their highly sensitive Social Security numbers and dates of birth may have been disclosed.
The case looks to represent anyone whose protected health information was compromised in the data breach disclosed by Comstar in the notice posted on its website.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.