Nearly 1 Million Affected by Closed Ambulance Service Data Breach

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

A now-defunct ambulance service in Boston has suffered a data breach that compromised the personal information of nearly 1 million US individuals.

Transformative Healthcare last week sent out breach notifications letters, explaining that a company it purchased in 2018, Fallon Ambulance Services, has suffered a data breach.The company, which provided ambulance services to hospitals in the Boston area, ceased operation in December 2022.

The company was still required to keep an archived copy of data that it previously stored on its computer systems for legal reasons, according to Transformative Healthcare. Then, in April last year, hackers accessed the data storage archive, containing Social Security numbers, names, addresses, vaccination information, COVID-19 testing, medical information, and even employment information.

“On or around April 21, 2023, after Fallon had ceased operations, it detected suspicious activity within its data storage archive. Fallon promptly took steps to secure the archive and initiated a comprehensive investigation into the matter with the assistance of third-party specialists,” Transformative Healthcare said in the letter sent to the Maine Attorney General’s Office.

According to the company, “the activity appears to have occurred as early as February 17, 2023 through April 22, 2023 and that files were obtained by an unauthorized party that may have contained personal information.”

Fallon then began an assessment of the affected files to determine what type of information the hackers may have compromised and to track down the contact information of former consumers whose information was on the files. This process ended around December 27, 2023, at which point, Transformative Healthcare started sending out breach notification letters to all 912,000 affected individuals.

The company noted that there’s no evidence of identity theft or fraud in relation to the cyberattack, it’s now offering two years of free identity protection services to those who were impacted.

National consumer rights law firm Wolf Haldenstein Adler Freeman & Herz LLP later said in its own notice that it’s looking into the situation on behalf of former patients whose information may have been compromised as a result of the data breach.

“If you have received a recent notice of the data breach and have experienced recent concerning activity, it is possible that your personal medical information was compromised and is being offered for sale on the dark web,” the company said.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment