On August 13, 2024, Ambulnz Holdings, LLC filed a notice of data breach with the Attorney General of California after discovering unauthorized access to its IT network. The incident affected sensitive information belonging to patients of multiple healthcare providers, including Jefferson Health, Main Line Health, Mount Sinai Health System, and UCHealth. The compromised data may include patients’ names, Social Security numbers, dates of birth, addresses, and medical information. Following the incident, Ambulnz initiated a data breach notification process, informing all individuals whose information was impacted.
The breach was initially identified on April 22, 2024, when Ambulnz became aware of unusual activity within its IT systems. In response, the company secured its systems and notified law enforcement, subsequently launching an investigation to understand the extent of the breach. The investigation revealed that an unauthorized party had accessed and downloaded files from Ambulnz’s network between April 21 and April 22, 2024. It was only on May 7, 2024, that Ambulnz confirmed the presence of confidential patient information in the compromised files.
Ambulnz’s review of the affected files highlighted the varied nature of the leaked information, which could include names, Social Security numbers, birth dates, addresses, and medical records. As a precautionary measure, the company began sending out data breach notification letters to all individuals impacted by the breach, detailing the type of information that may have been compromised. This communication aims to ensure that affected individuals are aware of the potential risks associated with the data breach.
Founded in 2017 and based in New York, Ambulnz Holdings, LLC is a medical transportation company that operates under its parent company, DocGo, which provides mobile medical services. Ambulnz employs a workforce of approximately 3,500 paramedics and EMTs nationwide, while DocGo boasts over 6,000 employees and generates an estimated $703 million in annual revenue. The breach underscores the importance of cybersecurity within the healthcare sector, particularly given the sensitive nature of the data involved and the potential consequences for affected individuals.
Reference: