Cyber Incident Victim: AAA Ambulance Service
Date:
Jul 2020
Location:
United States of America
Summary
AAA Ambulance Service experienced a ransomware attack that was detected and prevented from encrypting systems, though an investigation later revealed potential unauthorized access to sensitive personal and health information. The compromised data included individuals' names combined with details such as Social Security numbers, medical records, financial account information, insurance details, and treatment histories, though no actual misuse of the information has been confirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
AAA Ambulance Service, based in Mississippi, experienced an attempted ransomware attack in the summer of 2020. On or about July 1, 2020, the organization discovered the attempted cyber intrusion and implemented immediate measures to prevent the encryption of its systems. These actions included hardening security protocols and initiating an investigation to assess the nature and scope of the incident. The company did not specify the exact ransomware variant involved or the initial attack vector used by the threat actors. Over the following weeks, AAA Ambulance Service conducted a thorough forensic review of its systems to determine whether data had been compromised during the incident. This investigation concluded on August 26, 2020, when the organization confirmed that unauthorized access to sensitive information had potentially occurred. Throughout this period, the ambulance service maintained operational continuity while working to contain the incident and mitigate further risks.
The investigation revealed that attackers potentially accessed or exfiltrated personal information belonging to an undisclosed number of individuals. The compromised data included first and last names combined with one or more of the following elements: dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical diagnoses, treatment information, patient account numbers, prescription data, medical record numbers, and health insurance information. AAA Ambulance Service issued a public notice acknowledging the potential breach but emphasized no evidence of actual misuse of the exposed data. As a precautionary measure, the organization offered credit monitoring services to affected individuals and provided guidance on protecting personal information. The company reiterated its commitment to security improvements following the attack but did not disclose specific technical enhancements made to its systems. No ransomware payment was mentioned in the public disclosure, and the incident was reported to relevant authorities in compliance with regulatory requirements.