New York ambulance company downplayed Hive Gang hack by 300,000 users

One of the state’s largest private ambulance companies is facing a potentially massive class action lawsuit for waiting months to tell over 318,000 of its customers that their personal information was stolen by hackers.

Empress Ambulance Services also allegedly downplayed the hack by Hive Gang, a notorious ransomware group, telling its customers that only a “small subset of files” were stolen — knowing full well that the social security numbers of at least 100,000 were also compromised medical information according to the most recent lawsuit filed against the company in federal court in Manhattan on Tuesday.

The hack happened in late May, but the company didn’t discover it until July 14 — and then waited until September 9 to notify victims, according to the lawsuit.

Empress also allegedly didn’t tell its customers that the Hive Gang was the culprit behind the hack, despite receiving boastful emails from the criminal enterprise, which reportedly became active in June 2021 and has raised over $100 million since then pocketed ransom payments from 1,300 companies it targeted around the world, according to the FBI.

“We infiltrated your network and stayed there for 12 days (it was enough to study
get all your documentation and access to your files and services),
encrypts your servers, [d]self-loaded most important information with a total size of over 280 GB,” the Empress hacker group wrote, according to the complaint.

According to the lawsuit, the hacker group listed Empress on its website on the dark web shortly after the data breach. It has since been discovered that files taken from the ambulance company are available for download on the dark web.

The lawsuit is one of at least four separate lawsuits against Kaiserin seeking undisclosed damages.

Empress did not respond to requests for comment.