Empress Emergency Medical Services Hit with Two More Lawsuits Over 2022 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Empress Emergency Medical Services has been hit with two more proposed class action lawsuits in the wake of a July 2022 data breach that reportedly compromised the personal information of more than 300,000 consumers.

The lawsuits, both of which were removed from state court to New York’s Southern District Court on October 31, claim the Yonkers-based emergency care and medical transportation provider failed to implement reasonable cybersecurity policies and procedures in order to safeguard patients’ information. Per the cases, current and former patients’ names, dates of service, Social Security numbers and insurance information were exposed in the incident, which was detected by Empress on July 14 of this year and publicly acknowledged by the company in September.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The lawsuits contend that the 318,558 individuals who were identified by Empress as among those whose information was compromised now face “a lifetime risk of identity theft,” made worse by the exposure of their Social Security numbers.

“Plaintiff and Class Members now face years of constant surveillance of their financial and personal records, monitoring, and loss of rights,” one case reads.

The lawsuits relay that Empress first identified a “network incident” resulting in the encryption of some of its systems on July 14 and then launched an investigation. According to the cases, Empress determined that an unauthorized actor had gained access to its systems on May 26, 2022 and copied “a small subset of files” on July 13.

Although Empress began notifying affected individuals on September 9, the information provided to consumers lacked certain key details, one case contends. For instance, the suit says, Empress failed to disclose that the breach was perpetuated by ransomware group Hive, who has reportedly published Empress patients’ information on the Dark Web and shared it with third parties, including DataBreaches.net.

The two lawsuits claim the data breach occurred as a result of Empress’s “inadequate security and breach of its duties and obligations,” and each case “seeks to remedy these failings and their consequences.”

The lawsuits propose to cover anyone whose personal information was compromised or exposed to unauthorized persons in the Empress data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.