HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New York Ambulance Service Discloses Ransomware Attack and 318K-Record Data Breach

The New York Ambulance Service, Empress EMS (Emergency Medical Services), has confirmed it was the victim of a ransomware attack. The attack was detected on July 14, 2022, and resulted in files on certain systems being encrypted. According to the company’s website notification, steps were immediately taken to contain the incident and third-party forensics experts were engaged to investigate the attack.

The forensic investigation revealed the attackers first gained access to its network on May 26, 2022, and copied “a small subset of files “on July 13, 2022. Ransomware was then deployed to encrypted files on the network. A comprehensive review of the affected files confirmed they contained protected health information such as names, insurance information, dates of service, and, for some individuals, Social Security numbers. Empress EMS has reported the data breach to the HHS’ Office for Civil Rights as affecting up to 318,558 patients. Empress EMS has notified all affected individuals and has advised them to monitor their healthcare statements for accuracy and said credit monitoring services will be offered to certain individuals.  Empress EMS said steps have been taken to strengthen system security to prevent similar incidents in the future.

Empress EMS did not confirm which group was behind the attack; however, the Hive ransomware gang has claimed responsibility for the attack. Databreaches.net obtained a copy of the ransom note and a sample of the stolen data and reports that the files appear to contain the protected health information of Empress EMS patients. The Hive gang claims to have obtained the Social Security numbers of more than 100,000 patients, and customer information such as email addresses, addresses, passport numbers, phone numbers, payments, and working hours. Employee data was also compromised, along with contracts, NDAs, and other private company information.

At the time of publication, the stolen data is not listed on the Hive group’s data leak site, although some data was briefly uploaded. Typically, if the ransom is not paid the group follows through on its threat and publishes the stolen data.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.