Empress EMS (Emergency Medical Services), a New York-based provider of emergency response and ambulance services, disclosed a data breach that exposed customer information.
According to the notification, the company suffered a ransomware attack on July 14, 2022.
An investigation into the incident revealed that the intruder gained access to Empress EMS systems on May 26, 2022. About a month and a half later, on July 13, the hackers exfiltrated “a small subset of files a day before deployment. encryption.
“Some of these files contained patient names, dates of service, insurance information and, in some cases, social security numbers,” the report says. disclosure of Empress EMS.
“Empress EMS sends letters to affected individuals and offers eligible individuals credit monitoring services,” the company announced.
Attack details describe a standard double extortion ransomware incident where cybercriminals steal files, encrypt systems, then threaten the victim to release the data unless a ransom is paid.
Although the company does not mention the group responsible for the attack. However, BleepingComputer discovered that the Hive ransomware gang prepared a non-public entry for the Empress EMS data leak on July 26.
The ransomware gang removed the related entry from its website, but we were able to verify that Hive released the data after checking the cyber-intelligence firm’s dark web historical data. KELA.
Empress has informed the U.S. Department of Health and Human Services that the number of people affected by this incident is 318.55. However, there are fears that more people could be affected.
The notice explains that even those who have not received a letter but can confirm that they have used Empress EMS services via health care records, must contact the company by October 9, 2022 to qualify for the benefits. credit monitoring services.
Empress EMS says it has tightened the security of its systems and protocols to prevent similar incidents from happening in the future.
Today, Cole & Van Note, an American law firm specializing in consumer rights, has announcement an investigation of the incident to explore litigation and reimbursement options on behalf of those affected.