Lawsuit: Oklahoma man alleges EMSA neglected data safety before breach
A former EMSA employee who was a victim of a massive data breach this year has sued, claiming the company failed to protect his sensitive information.
More than 600,000 people were affected by the data theft at EMSA, Oklahoma’s largest ambulance service.
The lawsuit was filed by Oklahoma resident Wade Quick. He has asked the Oklahoma County District Court to certify it as a class-action lawsuit.
An undated post on EMSA’s website said that between Feb. 10 and Feb. 13 this year, someone gained unauthorized access to the company’s network. The data stolen by the hacker was varied but generally included one or more of the following: name, address, date of birth, date of service, and, for some, the name of a patient’s primary care provider and Social Security number.
“We immediately initiated our incident response protocols, which involved shutting off select systems as a proactive measure. We also launched an investigation with the assistance of a third-party forensic firm and notified law enforcement,” EMSA said.
The company sent letters to people whose personal information was stolen in the breach.
EMSA first reported the breach to the federal government on March 22. That report said 611,743 individuals were affected. Theft of health-related records is a significant problem. According to data breach reports submitted to federal regulators, hackers stole 3,377,761 individual records from 12 Oklahoma health care providers in the past two years alone.
Most of those records, more than 2.4 million, were taken from Integris Health servers last year in another data breach. A class-action lawsuit filed against Integris was dismissed by the plaintiff last month.
EMSA has set up a toll-free call center to answer questions about the incident. For more information, you can call 866-495-7098. The line is available from 8 a.m. to 5:30 p.m. Monday through Friday.
“We are providing individuals whose Social Security numbers were involved with a complimentary offer to credit monitoring and identity protection support services,” EMSA said. “Additionally, we’d like to remind patients that it is always a good idea to carefully review the communications they receive from their healthcare providers, including electronic messages, billing statements, and other written communication. If patients see charges for services they did not receive, they should contact the issuing provider immediately.”