Settlement | Medium Risk | Multistate

CT and MA AGs Settle with Comstar for $515K Over Patient Data Breach

Comstar, LLC | January 28, 2026 | Connecticut Attorney General

Penalty Amount

$515,000

Consumers Affected

349,255

Summary

Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.

Remedy

Comstar must pay $515,000 and implement security measures including phishing protection software, a vulnerability management program, and multi-factor authentication. It must also conduct annual security assessments for three years, with reports to the Connecticut and Massachusetts Attorneys General.

Monetary Penalty | Compliance Program | Audit Requirement | Reporting Requirements

Laws Cited

Connecticut and Massachusetts security and consumer protection laws | Health Insurance Portability and Accountability Act (HIPAA)

Entity Details

Entity

Comstar, LLC

Also known as: Comstar

Industry

Healthcare

Related Enforcement Actions

MA

Comstar, LLC

$515K

Massachusetts Attorney General secured a $515,000 settlement with Comstar, LLC for a March 2022 data breach that exposed sensitive patient information of over 326,000 Massachusetts residents. Comstar violated Massachusetts Data Security regulations and HIPAA by failing to maintain adequate security measures. The settlement includes monetary payment and mandated security improvements.

CT

Spruce Power 3, LLC

$100K

The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.

CT

U.S. Department of Education

Connecticut Attorney General William Tong joined a coalition of 17 attorneys general in filing a lawsuit against the U.S. Department of Education to stop new data reporting requirements under IPEDS that demand detailed student information. The coalition argues the requirements are unlawful, arbitrary, and jeopardize student privacy by requesting in-depth data that could lead to inadvertent errors and baseless investigations. The lawsuit seeks an injunction to block the implementation of these requirements.

CT

Department of Education

Connecticut Attorney General William Tong, joined by 17 other attorneys general, filed a lawsuit against the U.S. Department of Education to block new IPEDS data reporting requirements that demand student information disaggregated by race and sex. The coalition argues the rushed implementation is unlawful, invades student privacy, and risks unreliable data and baseless investigations. They seek an injunction to halt the data collection and protect student privacy.

CT

Aquarion Company

PURA preliminarily approved the sale of Aquarion Water Company to a new nonprofit Aquarion Water Authority, expected to double water rates. Attorney General Tong opposes the decision, citing loss of public oversight and high costs to consumers. The conversion removes PURA regulation, placing rate approvals under a board with no history of rejecting hikes.

CT

JRK Property Holdings

$5.1M

Connecticut Attorney General William Tong secured a $5.1 million financial relief package for tenants of the Concierge Apartments in Rocky Hill following an investigation into unsafe living conditions and landlord mismanagement. The agreement provides cash payments, free rent, and utility waivers to displaced and affected tenants, with a second agreement pending to address long-term accountability and communications.