Ransomware attack on AAA ambulance service causes leak of customers’ health data

AAA Ambulance Service executives revealed a data leak resulting from an attempted ransomware infection detected on the company’s systems last July. In its statement, the company notes that the incident occurred during the early morning of July 1. After nearly two months of investigations, AAA determined that a threat actor accessed the company’s systems and managed to extract personal records from some users and customers.

Among the data exposed due to this incident are details such as:

  • Full names
  • Dates of birth
  • Social Security Numbers
  • Driver’s license numbers
  • Financial account numbers
  • Medical history details, among others

“We want to emphasize that there are no clear signs to suggest that this information has been used for malicious purposes,” the company adds in its statement.

The company mentioned that appropriate measures were taken immediately after the attempted infection was detected, including some actions to prevent potentially affected data from being encrypted, enabling additional protection measures on its storage systems, and launching extensive research in collaboration with external cybersecurity experts and relevant authorities.

All users potentially affected by the leak have already been notified, plus the company will help them with an online fraud protection service for free. AAA also enabled a call center in which users can clarify their doubts about the incident: “The privacy and protection of our customers’ and employees’ data is one of our priorities, we regret any inconvenience this may cause you,” concludes the company’s release.