Posted On September 16, 2022 Consumer Privacy & Data Breaches
On September 9, 2022, Empress EMS reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced what appears to have been a ransomware attack. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: patient names, Social Security numbers, dates of service, and insurance information. After confirming that consumer data was leaked, Empress EMS began sending out data breach notification letters to the 318,558 individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Empress EMS data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Empress EMS.
According to the company’s filings, on July 14, 2022, Empress EMS detected a network security incident, apparently when some or all of the company’s computer system was encrypted. The company’s investigation confirmed that an unauthorized party first gained access to the Empress EMS system on May 26, 2022 and subsequently copied files from the network on July 13, 2022. While the breached information varies depending on the individual, it may include your name, the date you received service from Empress EMS, your Social Security number, and your insurance information.
On September 9, 2022, Empress EMS sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the U.S. Department of Health and Human Services Office for Civil Rights, these letters were sent out to 318,558 people. Empress EMS is offering all people impacted by the breach free credit monitoring and is recommending they review their healthcare statements for accuracy and contact their provider if they see services they did not receive.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Empress EMS data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Empress EMS (the actual notice sent to consumers can be found here):
At Empress EMS, we are committed to protecting the privacy and security of our patients’ information. Regrettably, we recently identified and addressed a cybersecurity incident involving some of that information. This letter explains the incident, measures we have taken, and some steps you may consider taking in response.
On July 14, 2022, we identified a network incident resulting in the encryption of some of our systems. We took measures to contain the incident, reported it to law enforcement, and we conducted a thorough investigation with the assistance of a third-party forensic firm. Our investigation determined that an unauthorized party first gained access to certain systems on our network on May 26, 2022, and then copied a small subset of files on July 13, 2022.
Some of these files contained patient names, dates of service, insurance information, and in some instances, Social Security numbers. Empress EMS is mailing letters to affected individuals and offering eligible individuals credit monitoring services. We’re also recommending that patients review their healthcare statements for accuracy and contact their provider if they see services they did not receive.
If you believe you may be affected but do not receive a letter by October 9, 2022, please contact our dedicated external call center at [Redacted], Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time, except major US holidays.
We take this matter very seriously and deeply regret any inconvenience to our patients. To help prevent something like this from happening again, we strengthened the security of our systems and will continue enhancing our protocols to further safeguard the information in our care.