MedEx Data Breach Affects Over One Hundred Thousand Americans: SSNs Exposed

On March 18, 2024, Medical Express Ambulance Service ("MedEx"), based in Skokie, Illinois, experienced a significant cybersecurity incident. The breach disrupted MedEx's network, affecting access to several internal systems. Upon discovering the incident, MedEx disconnected all network access and engaged cybersecurity specialists to investigate the extent and nature of the breach.

The forensic investigation revealed that an unauthorized threat actor accessed and potentially acquired sensitive information belonging to approximately 118,418 individuals across the United States. Among those affected, 49 individuals were residents of Maine.

The compromised data included both personally identifiable information (PII) and protected health information (PHI), including individuals' full names, dates of birth, demographic details, Social Security numbers, driver's license numbers, passport information, usernames and passwords, financial information, health insurance details, and medical information.

Following the initial investigation, MedEx conducted an extensive data review process, completed on January 30, 2025, to identify exactly which information had been compromised. Subsequently, MedEx finalized the list of affected individuals on March 19, 2025. The company notified impacted consumers via written notice starting on April 14, 2025.

Medical Express Ambulance Service's response

To further support affected individuals, MedEx is providing complimentary credit monitoring and identity theft restoration services for 12 months through Haystack. Affected consumers can enroll in these services using the instructions provided in the written notice sent by MedEx.

Additionally, MedEx has provided guidance on protecting against identity theft and fraud, including instructions on how to place fraud alerts and security freezes on credit files. The company also recommends monitoring financial statements, credit reports, and contacting financial institutions if suspicious activity is detected.

For more detailed information about the breach, individuals can view the official disclosure on the Maine Attorney General's website and the Vermont Attorney General's website. MedEx has also published a data breach notice on its own website for further transparency.