Electrostim Medical Services Data Breach Impacts 543,000 Patients
The Florida medical device company Electrostim Medical Services, Inc., which does business as EMSI, has recently confirmed that it suffered a cyberattack in May 2023 which involved access to parts of the network containing patient data. The Electrostim Medical Services data breach has recently been reported to the HHS’ Office for Civil Rights as affecting 542,990 patients.
Suspicious activity was detected within its network on May 13, 2023, and after securing its systems, third-party cybersecurity specialists were engaged to assess the nature and scope of the incident. The investigation confirmed that unauthorized individuals had access to its network for around two weeks between April 27, 2023, and May 13, 2023. While data theft was not confirmed, the unauthorized individuals had access to parts of the network containing patients’ protected health information and that information may have been copied. Electrostim Medical Services said it has not learned of any instances of attempted or actual misuse of patient data as a result of the security incident.
The breach notifications explained that the delay in notifications was due to an extensive review of its network to determine the individuals and data types involved, and a review of internal records to identify contact information to allow notification letters to be sent. The types of information involved varied from individual to individual and may have included the following: name, address, email address, phone number(s), diagnosis, insurance information, subscriber number, and product(s) prescribed and billed.
Electrostim Medical Services said notification letters were mailed in late December and steps have been taken to improve network security.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy