WESTCHESTER COUNTY, NY — Getting a letter in the mail from the ambulance company after a loved one was rushed to the hospital can cause one to revisit a traumatic day all over again. More likely than not, sticker shock is the issue, but hundreds of thousands of Hudson Valley residents learned instead that their sensitive personal information was put at risk.
Information on about 318,558 patients was compromised, according to Empress EMS.
According to the U.S. Department of Health and Human Services Office for Civil Rights, letters were sent out to all the patients affected. In some cases, patients who used the ambulance service as long as five years ago received notices.
Empress EMS is based in Yonkers. The company provides 911 emergency medical response transportation to Westchester County communities, including Yonkers, New Rochelle, Mount Vernon and White Plains. Empress EMS is the sole provider of 911 emergency medical response for the three largest cities in the county.
Empress is a primary mutual aid emergency response agency for New York City. The ambulance company has emergency and non-emergency response contracts with Westchester hospitals, correctional facilities and nursing homes. Every year, Empress reports responding to tens of thousands of emergency calls.
According to databreaches.net and bleepingcomputer.com, the “Hive” ransomware gang told DataBreaches that they were responsible for the incident. They reportedly contacted Empress to inform the company that they had stolen 280+ gigabytes of data, including business files, private company information, employee data and customer data. Hive posted about the attack on its leak site in July, but then took the post down soon after.
It isn’t clear if Empress EMS paid a ransom to prevent the leak of stolen data. The company told those affected that law enforcement was notified of the attack that occurred earlier this year. Social Security numbers, dates of service and the names of insurers were copied in the cyberattack, according to Empress EMS.
“We value the trust our community places in Empress EMS, and we regret any inconvenience or concern this incident may cause you and your family,” company officials told customers in the notification. “We are implementing new network security measures and providing additional training to our employees to help prevent something like this from happening in the future.”
The company said it would offer a free 12-month membership to Experian IdentityWorks Credit 3B, a service that helps detect possible misuse of personal information and provides credit and identity protection services focused on identity theft.
Empress also established a hotline for those patients who may have been unwitting victims of the cyberattack. The dedicated assistance line at 844-690-1251, is available Monday through Friday, from 9 a.m. to 9 p.m., excluding holidays.
The full letter, dated September 9, to those affected, obtained by Patch from a patient who used Empress EMS 5+ years ago, can be read below:
At Empress EMS, we are committed to protecting the privacy and security of our patients’ information. Regrettably, we recently identified and addressed a cybersecurity incident involving some of that information. This letter explains the incident, measures we have taken, and some steps you may consider taking in response.
What Happened? On July 14, 2022, we identified a network incident resulting in the encryption of some of our systems. We took measures to contain the incident, reported it to law enforcement, and we conducted a thorough investigation with the assistance of a third-party forensic firm. Our investigation determined that an unauthorized party first gained access to certain systems on our network on May 26, 2022, and then copied a small subset of files on July 13, 2022.
What Information Was Involved? Many of the impacted files were used by Empress EMS for billing purposes, and our review identified documents containing your name, Social Security number, dates of service, and the name of your insurer, if on file with Empress EMS.
What We Are Doing and What You Can Do. In an abundance of caution, we are offering you a free 12-month membership to Experian IdentityWorks Credit 3B. This product helps detect possible misuse of your personal information and provides you with credit and identity protection services focused on immediate identification and resolution of identity theft. Enrolling in this program will not affect your credit score. For more informaiton on Experian IdentityWorks, including instruction to enroll in your free membership, please see the pages that follow this letter.
We value the trust our community places in Empress EMS, and we regret any inconvenience or concern this incident may cause you and your family. We are implementing new network security measures and providing additional training to our employees to help prevent something like this from happening in the future.
For More Information. If you have any questions about this incident, please call our dedicated assistance line at 844-690-1251, Monday through Friday, 9:00 a.m. and 9:00 p.m., Eastern Standard Time, excluding major U.S. holidays.
Hanan Cohen, Director of Corporate Development and Compliance