Superior Air-Ground Ambulance Service, Inc. {“Superior”) has locations in five states: Illinois, Indiana, Ohio, Michigan, and Wisconsin. On May 10, they notified HHS of an incident affecting 858,238 patients.
A notice on their website explains that they discovered unusual activity in their network in May 2023.
“On June 23, 2023, the investigation determined that an unauthorized actor copied certain files from the network between May 15 and May 23, 2023,” they write. Since then, they were determining the scope of the attack and who needed to be notified.
The information that is present in the affected files varied by individual but may have included name, address, date of birth, Social Security numbers, driver’s license or state identification number, financial account information, payment card information, patient record information, medical diagnosis or condition information, medical treatment information, and health insurance information.
The substitute notice does not make any mention of any complimentary services. Perhaps that is in letters sent to individuals whose SSN or other identity information or financial information was compromised. The types of information involved in this one are likely to trigger potential class action lawsuits.
DataBreaches emailed Superior yesterday to ask whether this incident involved any encryption of data and whether there was any extortion or ransom demand, and if so, what group appeared to be involved. No reply has been received by publication, but this post will be updated if a reply is received.