A recent court filing reveals a significant data breach incident involving a major healthcare provider, raising serious concerns about the protection of sensitive patient information. Angela Broussard filed a class action complaint against Acadian Ambulance Service, Inc. in the United States District Court for the Western District of Louisiana on August 2, 2024.
The lawsuit alleges that Acadian Ambulance failed to adequately secure personally identifiable information (PII) and personal health information (PHI) of its patients and employees. The compromised data reportedly includes patient names, dates of birth, phone numbers, medical histories, employment information, and more. According to the complaint, this breach resulted from Acadian Ambulance's failure to comply with industry standards for data security.
Broussard claims that Acadian Ambulance's negligence led to a ransomware attack by the Daixin Team, which stole approximately 10 million unique records. The plaintiff argues that Acadian Ambulance was aware of the risks but did not take necessary steps to prevent unauthorized access. The lawsuit highlights several alleged failures: inadequate network safeguards, poor data retention policies, insufficient staff training on data security, and delayed detection of the breach.
The plaintiffs are seeking various forms of relief from the court. They demand compensatory damages for financial losses incurred due to identity theft and fraud resulting from the breach. Additionally, they seek reimbursement for out-of-pocket costs related to credit monitoring services and other mitigation efforts. The plaintiffs also request injunctive relief requiring Acadian Ambulance to improve its data security systems and provide long-term credit monitoring services funded by the defendant.
Case ID: 6:24-cv-01033.