Data breach at defunct ambulance service affects nearly 1 million patients in the US

Fallon Ambulance Services, a now-defunct ambulance service that served the greater Boston area in the US was the victim of a cyberattack that led to the exposure of sensitive data belonging to nearly 1 million individuals.

According to a data breach notice, the ambulance service, which was a division of Transformative Healthcare, fell victim to a cyberattack on Feb 17, 2023. Even though the medical transportation company closed shop in December of 2022, the hackers managed to access a copy of Fallon’s data storage archive.

“Fallon ceased operations in December 2022 but, to comply with legal obligations has maintained an archived copy of data previously stored on its computer systems,” reads the notice, filed to the Maine Attorney General’s Office.

In total, 911,757 people were impacted by the cyber attack, which was discovered in April 2023.

“On or around April 21, 2023, after Fallon ceased operations, we detected suspicious activity within our data storage archive,” the data breach letter reads. ”We promptly took steps to secure the archive and initiated a comprehensive investigation into the matter with the assistance of third-party specialists.”

The company started notifying victims on Dec 27, 2023. Exposed data includes:

· Names and addresses

· Driver’s license numbers

· Social Security numbers

· Medical information including COVID-19 testing or vaccination information

· Fallon employee and job applicant information

Although the company says it has no evidence that the stolen information has been misused, it is offering victims free identity protection services and urges them to remain vigilant against any phishing attempts or suspicious activity on their financial accounts.

“While Fallon is no longer operational, we have taken steps to secure data that may be stored in our archives for compliance with our legal obligations. Additionally, to help further protect your information, we are providing you with free identity protection services for two years,” Fallon added.

The breach was linked to the Alphv/BlackCat ransomware group, which claimed responsibility for the compromise in May 2023. In their initial post, the threat actors said they had stolen a terabyte of data from the healthcare company, including medical reports, paramedic reports, bills, contacts and partner information.

Want to stay on top of data breaches and leaks involving your personal information?

Try Bitdefender Digital Identity Protection and stop losing track of your digital identity and exposure to data breaches. Our identity protection tool acts as your safety net whenever key and sensitive elements of your digital footprint are unwittingly exposed online so you can take the necessary measures to safeguard your identity and money.