Stephen Marcantel reports that Acadian Ambulance is seeking dismissal of a class-action lawsuit stemming from a ransomware attack in 2024 by Daixin Team. Acadian is claiming there is no proof that any patient has experienced any actual harm from the breach.
The lawsuit, which was consolidated from 10 other class actions, claims that the July 2024 data breach of the company led to sensitive information, such as Social Security numbers, of 2.9 million people being leaked onto the dark web.
Federal Magistrate Judge Carol Whitehurst said during a Wednesday hearing that she would rule on the request at a later date.
Attorneys first filed to dismiss the case in late January, according to online records.
Acadian Ambulance’s main thrust is that data breach victims have given no proof that they were actually harmed by the leak, claiming that “zero damages multiplied across an alleged class of 2.9 million is still zero dollars” and that plaintiffs “cut-and-pasted” their alleged injuries from recent class actions.
Read more at The Advocate.
The company, which operates air and ground ambulance services in Louisiana, Texas, Mississippi and Tennessee, issued a news release in June announcing it had been the victim of a cyberattack.
Daixin, a hacker group, in July stole personal information of potentially millions of patients. The lawsuit claims that 2.9 million people were affected, but Acadian Ambulance said the number of victims was much smaller. The company also said that private employee data, including social security numbers, were not compromised.
The hacker group, holding the data ransom, asked for $7 million for its release to the company. Acadian Ambulance refused to pay.
The lawsuit alleges Acadian Ambulance failed to properly secure plaintiffs’ and class action members’ personally identifiable information and personal health information despite warnings in recent years of cybersecurity threats particularly aimed at medical institutions and patient information.