Defunct Ambulance Service Data Breach Impacts Nearly 1 Million People

The ALPHV ransomware gang claimed responsibility for the attack on Transformative Healthcare in late April 2023 and exported a terabyte of data, including medical and paramedic reports.

Fallon Ambulance Services, a subsidiary of Transformative Healthcare and now-defunct Ambulance Service, covering the greater Boston area in the United States, was targeted by a ransomware attack, exposing nearly a million people.

According to the breach notification submitted to the Maine Attorney General, around 911,757 individuals nationwide, including 20,486 Maine residents, have been affected by the attack which occurred on 17 February 2023 and was discovered on 21 April 2023.

The perpetrator accessed a server containing patient information, which the company claims was stored to “comply with legal obligations.” Fallon Ambulance Services had ceased operations in December 2022. However, in April 2023, Transformative detected suspicious activity within its data storage archive from late February 2023 to late April 2023.

The company hired third-party cybersecurity specialists for an investigation. Initial probing revealed that files were obtained by an “unauthorized party,” possibly containing personal information and COVID-19 testing information.

According to the company’s notification, the exposed data included names, driver’s license numbers, and non-driver identification card numbers. Maine residents were notified in writing on 27 December 2023.

The Maine Attorney General urges those who received ambulance services from Fallon Ambulance Service between February and December 2022 to be vigilant and take steps to protect themselves, including regular credit report reviews, freezing, and being wary of phishing scams and unsolicited calls or emails from Transformative Healthcare or credit bureaus.

****ALPHV Ransomware Gang’s Connection****

The ALPHV ransomware gang, whose domains were recently seized by security agencies, claimed Transformative Healthcare, as a victim in late April 2023, exporting a terabyte of data, including medical/paramedics reports and patient details.

Before law enforcement cracked down, the ALPHV ransomware gang had already snagged several high-profile victims, including MGM Resorts, NCR Data Center, Amazon’s Ring, Reddit, and more.

Transformative Healthcare, which acquired Fallon Ambulance Service in September 2022, is offering free identity theft protection services to impacted customers.

The healthcare sector has been facing severe cyber attacks. According to the latest report from cybersecurity firms, hackers have been deliberately targeting hospitals and emergency services to gain malicious advantages.

The Transformative data breach shows how important it is to have strong security in healthcare. Nowadays, healthcare uses a lot of digital systems, so it’s crucial to put in place strong security measures to protect patients’ private information.

****RELATED ARTICLES****

1. Ransomware attack on hospital causes patient’s death
2. 7TB of Healthcare Data Leak Affects 12 Million Patients
3. CISA warns of disruptive ransomware attacks on US hospitals
4. Hospital computers in England hacked; hackers demanding ransom
5. Hacker demands ransom in Bitcoin after taking over hospital servers
6. Authorities bust hacker group planning to hit hospitals with ransomware