The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Electrostim Medical Services Data Breach Impacts 543,000 Patients

Posted By on Jan 17, 2024

The Florida medical device company Electrostim Medical Services, Inc., which does business as EMSI, has recently confirmed that it suffered a cyberattack in May 2023 which involved access to parts of the network containing patient data. The Electrostim Medical Services data breach has recently been reported to the HHS’ Office for Civil Rights as affecting 542,990 patients.

Suspicious activity was detected within its network on May 13, 2023, and after securing its systems, third-party cybersecurity specialists were engaged to assess the nature and scope of the incident. The investigation confirmed that unauthorized individuals had access to its network for around two weeks between April 27, 2023, and May 13, 2023. While data theft was not confirmed, the unauthorized individuals had access to parts of the network containing patients’ protected health information and that information may have been copied. Electrostim Medical Services said it has not learned of any instances of attempted or actual misuse of patient data as a result of the security incident.

The breach notifications explained that the delay in notifications was due to an extensive review of its network to determine the individuals and data types involved, and a review of internal records to identify contact information to allow notification letters to be sent. The types of information involved varied from individual to individual and may have included the following: name, address, email address, phone number(s), diagnosis, insurance information, subscriber number, and product(s) prescribed and billed.

Electrostim Medical Services said notification letters were mailed in late December and steps have been taken to improve network security.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist