New York medical transportation company experiences data breach

A New York medical transportation company, Ambulnz Holdings, LLC experienced a recent data breach impacting over 4000 individuals. 

What happened 

On April 22, 2024, Ambulnz noticed some unusual activity in their IT systems and quickly responded by securing their network and alerting law enforcement. They discovered that an unauthorized individual had accessed their network between April 21 and April 22, 2024. During this time, the intruder managed to access and take certain files that contained sensitive patient information. 

This information included patients' names, dates of birth, addresses, medical record numbers, patient account numbers, health insurance IDs, and details about diagnoses and treatments. For a few patients, their Social Security and driver's license numbers were also compromised. In response to this breach, Ambulnz started notifying affected patients by mail on June 21, 2024, and established a dedicated hotline to address any concerns and questions from those impacted.

See also: What is data security?

What was said

In the notice of data security Ambulnz provided, “Our investigation determined that an unauthorized party accessed our IT network between the dates of April 21, 2024 and April 22, 2024. While in our IT network, the unauthorized party accessed and acquired certain files.”

Why it matters 

Breaches in healthcare are particularly alarming due to the sensitive nature of the data involved, which often includes personal details like names, addresses, Social Security numbers, medical records, and health insurance information. The uptake in breaches like the Texas Retina Associates breach, which affected nearly 300,000 individuals and exposed a vast array of personal and medical data, is therefore disconcerting. 

The exposure of personal health information not only puts individuals at risk of identity theft and financial fraud but also threatens medical identity theft, which can lead to incorrect medical treatment and false medical records. 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a notice of data security incident?

A notice of data security incident is a formal communication issued by an organization to inform affected individuals about a breach involving their personal or sensitive data.

What is the Breach Notification Rule?

The Breach Notification Rule is a federal regulation that requires healthcare providers, plans, and their business associates to notify affected individuals, the Secretary of Health and Human Services, and sometimes the media about a breach of unsecured protected health information.

What is data security?

Data security refers to the protective measures and protocols implemented to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of information.