Acadian Ambulance data breach impacted close to 2.9 million patients

Louisiana-based ambulance service Acadian Ambulance said it experienced a data security incident in June that compromised the sensitive personal information of almost 2.9 million individuals.

 

In a notice of data breach posted on its website, the medical transportation service, once named the largest privately owned ambulance service in the U.S., said that on June 21, it identified suspicious activities in its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation determined there was unauthorised access to Acadian’s network between June 19, 2024, and June 21, 2024, and that certain files and folders were or may have been taken without authorisation during that time,” reads the notice.

 

The compromised data included names, addresses, Social Security numbers, dates of birth, and medical information collected during the patient intake process. 

 

Acadian Ambulance also notified the U.S. Department of Health and Human Services, stating that it has identified at least 2,896,985 individuals who were affected by the data security incident.

 

“As part of Acadian’s ongoing commitment to the privacy of information in its care, Acadian is reviewing its policies, procedures and processes to reduce the likelihood of a similar future event. Acadian also notified federal law enforcement,” the company added.

 

While Acadian found no evidence of the compromised information being misused. It has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

In July, the Daixin ransomware group claimed responsibility for the cyber attack on Acadian and listed the company as a victim on its data leak site. According to DataBreaches.net, the group has published around 10 million Acadian Ambulance patients’ records, including their case histories, suspected drug use, and physician care point data. The leaked data also contained information about Acadian employees.