Hackers Steal Data from New York Emergency Medical Service

Colin Thierry
Published on: September 20, 2022

New York-based Empress Emergency Medical Services (EMS) issued a notice informing customers that it has lost ‘some data’ to threat actors.

Based in Yonkers, NY, Empress Emergency Medical Services (EMS) prides itself on being “one of the premier providers of both emergency and non-emergency medical transport in New York State.”

According to its website, the medical service focuses its efforts on providing patient care “in a personal and compassionate manner.” It has over 200 “high-caliber personnel” on staff and a 24-hour communications center that houses “one of the most advanced computer aided systems in the region.”

However, Empress recently issued a notice informing anyone concerned that it fell victim to a cyber-incident impacting the privacy and security of its patients’ information.

On July 14, 2022, the service identified a network incident resulting in the encryption of some of its systems (also known as a ransomware attack), according to its letter to customers.

“We took measures to contain the incident, reported it to law enforcement, and we conducted a thorough investigation with the assistance of a third-party forensic firm,” Empress said in the letter. “Our investigation determined that an unauthorized party first gained access to certain systems on our network on May 26, 2022, and then copied a small subset of files on July 13, 2022.”

The notice also revealed that those files contained patient names, dates of service, insurance information, and in some cases, Social Security numbers (SSNs).

However, according to databreaches.net (which got in contact with the threat actors), the data leak is far greater than what Empress disclosed.

According to this report, the group allegedly behind the attack is the infamous Hive ransomware crew. This group also attacked telecommunications operator Bell Canada last week.

Hive shared its ransom note with reporters, revealing that they were within Empress’ infrastructure for around 12 days exfiltrating 280 GB of data before encrypting the company’s systems.

About the Author

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.