Medical Express Ambulance Service Data Breach
NOTICE: If you received a NOTICE OF DATA BREACH letter from Medical Express Ambulance Service, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.
On April 14, 2025, Medical Express Ambulance Inc., doing business as MedEx Ambulance (“MedEx”), reported a significant cybersecurity incident to the Maine Attorney General’s Office. The incident, which occurred on March 18, 2024, involved a network disruption that impacted the functionality and access of certain systems (the “Data Breach”). The forensic investigation determined that an unauthorized party accessed and potentially acquired sensitive personal and medical information. Approximately 118,418 individuals have been impacted.
Recently, MedEx began sending data breach notification letters to individuals affected by the Data Breach. These letters include an offer of 12 months of complimentary credit monitoring and identity theft restoration services through Haystack. As of now, MedEx has not disclosed any further information about the Data Breach. If you received a data breach notification letter from MedEx, it indicates that your information was affected by the Data Breach.
Founded in 1998, MedEx is a private ambulance service provider headquartered in Skokie, Illinois. MedEx offers a variety of services, including basic and advanced life support ambulance transportation, critical care services, Medicar and service car transports, serving the Chicago metropolitan area. The company operates a fleet of over 80 ambulances and employs more than 200 individuals, generating approximately $9.2 million in annual revenue.
WHAT INFORMATION IS INVOLVED?
As of now, Western Wayne Physicians has not disclosed any further information about the Data Breach. We will continue to monitor the situation for updates. The types of information compromised are not clear at the moment but may potentially include the following:
- Full names,
- Dates of birth,
- Demographic information,
- Social Security numbers,
- Driver’s license numbers,
- Medical information,
- Financial information,
- Health insurance information,
- Usernames and passwords,
- Passport information.
This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.
Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Healthcare providers and other businesses who handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.
The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible.
California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).