Acadian Ambulance Breach: Patient Data Exposed in Ransomware Attack  

In June 2024, Acadian Ambulance Service, a major medical transportation provider, detected suspicious activity within its computer network, signaling the start of a significant data breach. Attackers gained unauthorized access to Acadian's systems between June 19 and June 21, 2024. During this window, the threat actors exfiltrated files and folders containing sensitive patient information. The notorious Daixin Team, a ransomware group known for targeting the healthcare sector, claimed responsibility for the attack.  
They alleged to have stolen 10 million unique records and demanded a $7 million ransom, which Acadian reportedly refused to pay, offering a significantly smaller counterpayment of $173,000. The compromised database reportedly held a vast amount of patient-related data, including names, addresses, Social Security numbers, dates of birth, and detailed medical information collected during the patient intake process. The breach was discovered internally by Acadian on or around June 21, 2024, when they became aware of the suspicious activity.  
Acadian Ambulance Service, Inc., founded in 1971, is a Louisiana-based medical care and transportation service. It operates a large fleet of ambulances and provides emergency and non-emergency transport, air services, and at-home medical care across Louisiana, Texas, Mississippi, and Tennessee, serving millions of residents.  

Breach Unveiled  

• June 19-21, 2024: Unauthorized actors access Acadian Ambulance's network and exfiltrate data.  
• June 21, 2024: Acadian Ambulance detects suspicious activity on its network.  
• June 22, 2024: Ransom negotiations reportedly begin between Daixin Team and Acadian.  
• July 2024 (early): Reports surface that Acadian Ambulance has been targeted in a cyberattack.  
• July 23, 2024: The Daixin Team lists Acadian Ambulance on its data leak site, claiming to possess data on 10 million individuals and demanding a $7 million ransom.  
• August 20, 2024: Acadian Ambulance reports the breach to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, stating that nearly 2.9 million individuals' protected health information was involved.  
• November 2024: Acadian Ambulance begins sending notification letters to affected individuals.  
• January 2025 (late): Attorneys for Acadian Ambulance file to dismiss a consolidated class-action lawsuit related to the breach.  
• May 2025: A federal magistrate judge states a ruling on the dismissal request will come at a later date.  

Acadian's Response and Remediation  

Following the detection of the breach, Acadian Ambulance stated it immediately took steps to secure its systems and initiated an investigation with the help of third-party cybersecurity specialists. The company publicly acknowledged the "network security incident" and confirmed that the attackers accessed a server containing protected health information.   
Acadian reported that its swift response, including shutting down affected systems and activating backups, prevented a negative impact on patient care and ambulance dispatching. The investigation aimed to determine the full scope of the incident and identify the individuals whose information may have been compromised. 
  
Acadian Ambulance began notifying affected individuals in November 2024, offering complimentary credit monitoring and identity theft protection services through CyEx. The company also reported the event to federal law enforcement and relevant regulatory authorities. As part of its ongoing commitment to data privacy, Acadian stated it is reviewing and updating its policies, procedures, and processes to reduce the risk of similar future incidents.  
Despite these measures, Acadian is facing a consolidated class-action lawsuit, which it is currently seeking to dismiss, arguing that plaintiffs have not proven actual harm from the data leak. The investigation into the full extent and impact of this recent data breach is ongoing.