The New York-based ambulance service Empress Emergency Medical Services (EMS) has recently experienced a ransomware attack. On July 14, 2022, the EMS provider discovered encryption on its systems. It implemented a number of security measures to reduce the risk of harm posed by the incident and promptly notified local law enforcement. Empress EMS then immediately launched a forensic investigation with the help of cybersecurity forensic specialists to determine the nature of the breach and what information had been accessed. The investigation concluded that an unauthorized third party had gained initial access to certain Empress EMS systems on May 26, 2022, and that the malicious actor copied a small subset of files on July 13, 2022.
The investigation also determined that the third party had gained access to information relating to patient names, dates of service, insurance information, and Social Security numbers. Empress EMS reported the incident to the HHS’ Office for Civil Rights as a breach affecting 318,558 individuals. The service provider also issued breach notification letters to potentially affected individuals, detailing the nature of the incident and advising a number of steps they can take to reduce the risk of harm, such as regularly monitoring healthcare statements for accuracy. Empress EMS has offered certain patients complimentary credit monitoring services and has implemented several additional safeguards to prevent similar security breaches.
Although Empress EMS did not disclose who was responsible for the attack, the Hive ransomware gang has claimed responsibility. According to Databreaches.net, which has obtained a copy of the ransom message and a sample of the stolen data, the files appear to contain the protected health information of Empress EMS patients. In addition to client data such as email addresses, addresses, passport numbers, phone numbers, payments, and working hours, the Hive gang claims to have obtained the Social Security numbers of over 100,000 patients, along with contracts, non-disclosure agreements, and other confidential firm data. However, the stolen material has not been posted on the Hive group’s data leak site, where the group typically posts information if the victim refuses to pay the ransom.