More and more companies have suffered data breaches, in particular healthcare-related companies. This class action brings suit against Empress Ambulance Service, LLC, alleging that it did not adequately protect the personally identifiable information (PII) and protected health information (PHI) that it held in its systems, resulting in the exposure of the information of more than 300,000 people.
The class for this action is all persons whose PII or PHI was exposed to unauthorized parties in the data breach, including all persons who were sent a notice of the data breach.
Empress provides emergency medical services in areas of New York, such as Yonkers, Poughkeepsie, White Plains, and the Bronx.
On its website, the complaint alleges, the company claims to be “committed to protecting your personal health information[.]” The complaint quotes the company as saying, “We respect your privacy, and treat all healthcare information about our patients with care under strict policies of confidentiality that our staff is committed to following at all times.”
The complaint alleges that the data breach took place between May 26 and July 13, 2022, but that the company did not begin to report the breach to government agencies or the public until almost two months afterwards, around September 9, 2022. The notice said that the information stolen from Empress included “names, dates of service, insurance information, and in some instances, Social Security numbers.”
The complaint claims, “Cyber criminals seek out PHI at a greater rate than other sources of personal information.” It alleges, “A study by Experian found that the ‘average total cost’ of medical identity theft is ‘about $20,000’ per incident, and that a majority of victims of medical identity theft were forced to pay out-of-pocket costs for healthcare they did not receive in order to restore coverage.”
According to the complaint, the data breach occurred because of Empress’s “inadequate security and breach of its duties and obligations” and its failure to adequately protect and safeguard the private information it collected from patients.
Data breaches are more serious when they involve PHI, the complaint alleges, and the fraud that results from its use is more difficult to detect.
The complaint quotes the Federal Trade Commission (FTC) as saying that those who steal PHI along with PII may use the information “to see a doctor, get prescription drugs, buy medical devices, submit claims with your insurance provider, or get other medical care.” It also quotes the FTC as saying, “If the thief’s health information is mixed with yours, it could affect the medical care you’re able to get or the health insurance benefits you’re able to use. It could also hurt your credit.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Empress Ambulance Service Data Breach Complaint
October 31, 2022
More and more companies have suffered data breaches, in particular healthcare-related companies. This class action brings suit against Empress Ambulance Service, LLC, alleging that it did not adequately protect the personally identifiable information (PII) and protected health information (PHI) that it held in its systems, resulting in the exposure of the information of more than 300,000 people.
Empress Ambulance Service Data Breach ComplaintCase Event History
Empress Ambulance Service Data Breach Complaint
October 31, 2022
More and more companies have suffered data breaches, in particular healthcare-related companies. This class action brings suit against Empress Ambulance Service, LLC, alleging that it did not adequately protect the personally identifiable information (PII) and protected health information (PHI) that it held in its systems, resulting in the exposure of the information of more than 300,000 people.
Empress Ambulance Service Data Breach Complaint