Empress EMS 2022 Data Breach Affects Over 318K Customers, Class Action Claims
Last Updated on September 30, 2024
Ford v. Empress Ambulance Service LLC
Filed: October 12, 2022 ◆§ 7:22-cv-08679
Empress EMS has been hit with a class action claiming that its failure to properly secure over 318k customers’ private information resulted in a data breach.
New York ambulance service Empress EMS has been hit with a proposed class action claiming that its failure to properly secure approximately 318,558 customers’ private information resulted in a data breach between May and July 2022.
The 46-page case alleges that a “notorious ransomware hacking group” was able to infiltrate Empress EMS’s network on May 26, 2022, and download files from the system on July 13, 2022, because the company failed to implement reasonable cybersecurity measures. The complaint argues that due to Empress EMS’s negligence, the sensitive data of nearly a third of a million customers, including their names, dates of service, Social Security numbers and insurance information, was compromised.
According to the suit, Empress EMS did not detect the data breach until July 14, 2022, after the hackers had “unfettered access” to its electronic records for nearly two months. Empress EMS waited another two months before notifying affected individuals of the ransomware attack, the complaint relays.
The case argues that Empress EMS’s delayed notice was “inadequate” given it underplayed the gravity of the attack and the lifelong risk of identity theft and fraud that data breach victims now face. The suit says there is a “strong probability” that the hacked data will be bought and sold on the black market, requiring victims to pay out-of-pocket expenses for protective measures once the one year of identity monitoring services provided by the defendant has concluded.
Additionally, the notice fails to disclose how the data breach occurred and if Empress EMS has regained control of its network, the filing asserts.
Per the complaint, Empress EMS “knew or should have known” that cybercriminals would target its network in light of recent attacks on high-profile healthcare providers and warnings issued by the FBI and U.S. Secret Service.
The case alleges Empress EMS nonetheless “intentionally, willfully, recklessly, or at the very least negligently” failed to take the available steps to prevent a data breach. Per the suit, Empress EMS not only failed to comply with the minimum industry standards for cybersecurity and the Federal Trade Commission’s cybersecurity guidelines for businesses, but overlooked the safeguards for patient health information required under the Health Insurance Portability and Accountability Act (HIPAA).
The lawsuit looks to represent anyone in the United States whose personally identifiable information or protected health information was accessed, acquired, used or disclosed as a result of the data breach Empress EMS revealed on September 9, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.