Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider has confirmed a ransomware attack that exposed customer information.
The incident was reported to the U.S. Department of Health and Human Services. Although the Empress EMS report said 318,558 people were affected, there are fears that more people could be affected.
An investigation of the incident revealed that the intruder had gained access to Empress EMS systems on 26 May 2022. On 13 July, the day before the encryption, the hackers infiltrated “a small subset of files.”
“Some of these files contained patient names, dates of service, insurance information and, in some instances, Social Security numbers,” the company said in the statement.
The company said it had increased the security of its system and protocols to prevent similar incidents in the future.
According to the notification from Empress EMS, those who have not received a letter but can confirm that they have used Empress EMS’s services should contact the company to obtain credit monitoring services by 9 October 2022.
The sources for this piece include an article in BleepingComputer.