Cyber Incident Victim: Comstar LLC
Date: Mar 2022
Location: United States of America
Summary
A data breach at Comstar LLC exposed sensitive patient information following unauthorized network access, which was discovered when the company detected suspicious activity on its servers. The compromised data included names, dates of birth, medical assessment details, medication administration records, health insurance information, driver's licenses, financial account data, and Social Security numbers. The company secured its network, initiated an investigation with third-party experts, and later reviewed affected systems to identify impacted individuals for notification purposes. While the investigation could not confirm specific data accessed, free credit monitoring services were offered to potentially affected patients.
Description
On March 26, 2022, Comstar LLC, a US ambulance billing service, detected suspicious activity involving some of its servers, indicating a network intrusion. The company immediately secured its network and initiated an investigation with third-party experts to assess the incident's nature and scope. The investigation, concluded on April 21, 2022, confirmed unauthorized access to certain systems within Comstar's network. While the investigation could not definitively identify which specific data was accessed during the breach, a subsequent review of the compromised systems revealed that exposed information included patients' names, dates of birth, medical assessment details, medication administration records, health insurance information, driver's licenses, financial account details, and Social Security numbers. Comstar did not disclose the number of affected individuals in its June 14 breach notification but acknowledged the incident impacted "certain individuals" whose data resided on the accessed systems.

Comstar undertook a comprehensive review of the compromised systems following the April 21 confirmation of unauthorized access to identify the specific information contained within those systems and determine which individuals required notification. The company offered free credit monitoring services to potentially impacted individuals as a remedial measure, though it provided no further details regarding the attack vector, threat actor, or forensic findings. The breach exposed highly sensitive healthcare and financial data, creating risks of identity theft and medical fraud for affected patients. Comstar's public disclosure occurred nearly three months after the initial detection, with the June 14 notification marking the first official confirmation of the incident's data impact. No information was released regarding system restoration timelines, regulatory penalties, or whether data exfiltration occurred beyond unauthorized access.
