Incident comes following ransomware attack in July
UPDATED A ransomware attack on a Mississippi ambulance service resulted in a data breach affecting an as yet unknown number of patients, investigators have discovered.
The security incident at AAA Ambulance Service (AAA), based in Mississippi, US, was discovered on July 1, 2020.
After taking “immediate steps” to mitigate the attack, AAA said it employed a third-party forensic team to conduct an investigation.
As part of that investigation, security experts have determined that personally identifiable information may have been access by an unknown third party.
First and last names, social security numbers, bank details, medical records information, and health insurance information are among the details that were exposed by the breach.
A statement (PDF) from AAA claims there is no evidence to suggest that any data has been “actually misused”.
The document reads: “On August 26, 2020, after thorough investigation, AAA learned that the personal information of certain individuals may have been accessed or taken during the incident.”
AAA said that in addition to notifying those affected directly, it is offering complimentary credit monitoring services.
It added: “The privacy and protection of private information is a top priority for AAA. We deeply regret any inconvenience or concern this incident may cause.”
The statement contains more information on how victims can protect themselves and their data from fraud.
The incident comes after a number of breaches affecting US healthcare services via a ransomware attack on a third-party vendor.
Blackbaud, which provides fundraising software for organizations across the globe, suffered a ransomware attack in May 2020.
A spokesperson for AAA confirmed to The Daily Swig that this incident was not a result of the Blackbaud incident.
This article has been updated to include clarification from AAA