New York Ambulance Service Discloses Ransomware Attack and 318K-Record Data Breach

By | September 19, 2022

The New York Ambulance Service, Empress EMS (Emergency Medical Services), has confirmed it was the victim of a ransomware attack. The attack was detected on July 14, 2022, and resulted in files on certain systems being encrypted. According to the company’s website notification, steps were immediately taken to contain the incident and third-party forensics experts were engaged to investigate the attack.

The forensic investigation revealed the attackers first gained access to its network on May 26, 2022, and copied “a small subset of files “on July 13, 2022. Ransomware was then deployed to encrypted files on the network. A comprehensive review of the affected files confirmed they contained protected health information such as names, insurance information, dates of service, and, for some individuals, Social Security numbers. Empress EMS has reported the data breach to the HHS’ Office for Civil Rights as affecting up to 318,558 patients. Empress EMS has notified all affected individuals and has advised them to monitor their healthcare statements for accuracy and said credit monitoring services will be offered to certain individuals.  Empress EMS said steps have been taken to strengthen system security to prevent similar incidents in the future.

Empress EMS did not confirm which group was behind the attack; however, the Hive ransomware gang has claimed responsibility for the attack. Databreaches.net obtained a copy of the ransom note and a sample of the stolen data and reports that the files appear to contain the protected health information of Empress EMS patients. The Hive gang claims to have obtained the Social Security numbers of more than 100,000 patients, and customer information such as email addresses, addresses, passport numbers, phone numbers, payments, and working hours. Employee data was also compromised, along with contracts, NDAs, and other private company information.

At the time of publication, the stolen data is not listed on the Hive group’s data leak site, although some data was briefly uploaded. Typically, if the ransom is not paid the group follows through on its threat and publishes the stolen data.

The post New York Ambulance Service Discloses Ransomware Attack and 318K-Record Data Breach appeared first on HIPAA Journal.