60,000 Records Exposed in EmCare Phishing Attack
The Dallas, TX-based physician staffing company EmCare has announced that it has suffered a data breach that has impacted approximately 60,000 individuals, 31,000 of whom were patients.
The exposed information was detailed in emails and email attachments in employee email accounts that were accessed by an unauthorized individual after several employees responded to phishing emails and disclosed their email credentials. It is unclear from Emcare’s breach notice when the breach occurred and how long the attackers had access to email accounts.
The breach was discovered on February 19, 2019. An investigation was launched and, assisted by a third-party computer forensics company, it was discovered that the compromised email accounts contained information about patients, employees, and contractors. The following information was saved in email accounts and was potentially accessed or copied by the attackers: Names, dates of birth, driver’s license numbers, Social Security numbers, demographic information, and clinical information.
The investigation did not uncover evidence to suggest patient or employee information was accessed or exfiltrated by the attackers, although the possibility could not be ruled out. No reports have been received to suggest that patient or employee information has been misused to date.
Emcare is offering one year of credit monitoring and identity theft protection services at no cost to individuals whose Social Security number or driver’s license number was potentially compromised.
Notifications letters were sent to affected individuals on April 19, 2019, 59 days after the discovery of the breach – A day before the HIPAA Breach Notification Rule reporting deadline.
EmCare has responded to the breach by implementing a range of “advanced IT solutions” and employees have been provided with further training on email security.
The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 31,236 patients were impacted by the breach.