A class action lawsuit was filed against Superior Air-Ground Ambulance Service over a data breach that impacted over 858,000 people. Superior Air-Ground Ambulance Service is the biggest locally operated emergency medical services company operating in the great Chicagoland area and in 5 Midwest states.
The company detected unauthorized access to its system in May 2024. The forensic investigation revealed that an unauthorized third party accessed its system for one week and extracted files that included the protected health information (PHI) of patients. The data stolen in the cyber attack involved names, addresses, birth dates, state ID numbers/driver’s licenses, Social Security numbers, patient record details, medical diagnosis/condition details, treatment data, financial account and payment card data, and medical insurance data. The attack affected 858,238 patients, whose data were stolen.
On June 6, 2024, Kirston Spann II filed a lawsuit in the U.S. District Court for the Northern District of Illinois because of the personal data and PHI that were stolen during the attack. The lawsuit claims the plaintiff and other individuals in the same situation have endured real injuries because of the data breach and those injuries were the consequence of the defendant’s negligence.
The lawsuit claims the defendant kept personal data in a careless way and did not follow reasonable and proper security measures to secure sensitive data, which includes performing routine security updates and employing data encryption. The lawsuit asserts the defendant did not comply with the Health Insurance Portability and Accountability Act (HIPAA) and state regulations. The company could have prevented the data breach if the proper security procedures were enforced. The lawsuit additionally states that the issuance of breach notification letters to impacted persons was unnecessarily delayed.
Because of those failures, the privacy of over 858,000 people had been violated. Those people are getting more spam messages. Their private data is in the possession of cybercriminals and exposed on the dark web.
The lawsuit wants class action certification, nominal damages for the improper use of their private data, statutory damages, injunctive relief, and a jury trial, which include a court order requiring Superior Air-Ground Ambulance Service to enhance security to avoid the same data breaches later.
