The Emergency Medical Services Authority (EMSA) has reached a settlement in a class action lawsuit concerning a data breach in 2024 that exposed patient information. This breach occurred between February 10 and 13, 2024, when an unauthorized party accessed EMSA’s network, obtaining sensitive patient data. The plaintiffs argue that EMSA did not implement adequate cybersecurity measures, leading to identity theft issues for those affected.
EMSA, an Oklahoma-based ambulance service catering to over a million people annually, has not admitted fault but will pay an undisclosed amount to settle the lawsuit. Affected individuals can claim up to $3,000 for documented financial losses directly linked to the breach, including bank fees and credit-related costs. Additionally, they can claim up to four hours of lost time at $15 per hour, with a maximum of $60, included in the $3,000 cap.
The settlement also offers two years of complimentary single-bureau credit monitoring and identity protection services. Affected parties must submit claims by March 5, 2026, with deadlines for exclusion and objection set for February 3, 2026. The final approval hearing is scheduled for April 6, 2026.
