Empress Emergency Medical Services, a New York-based company that provides emergency ambulance services, has revealed a data breach that revealed customer information. The company was hit by a ransomware attack on July 14, 2022. According to the investigation, the attacker got access to Empress EMS’s systems on May 26, 2022. A month and a half later, on July 13, the hackers stole “a small subset of files” before deploying the encryption.
The allegedly exposed information includes:
- Names
- Insurance details
- Numbers of Social Security
- Service dates
The attack details describe a typical double-extortion ransomware incident in which cybercriminals steal files, encrypt systems, and then intimidate the victim with data publication unless a ransom payment is made.
Empress reported to the US Department of Health and Human Services that 318,55 individuals were impacted by this incident. However, there are worries that more people will be affected. According to the notice, even those who haven’t yet received a letter but can verify they utilized Empress EMS’s services via healthcare statements should contact the company by October 9, 2022, to receive credit monitoring services. Empress EMS claims to have strengthened the security of its systems and protocols to avoid similar incidents in the future.
We tried contacting the company but didn’t get any answer while preparing this report.
