DATA BREACH: Ransomware Attack On Empress EMS Leads To Identity Theft For Nearly 319,000 Patients


HIDING THE TRUTH: On July 14, #EmpressEMS in #Yonkers, New York, discovered some of its systems were encrypted with ransomware.

YONKERS: The investigation found that the attackers first gained access to the network several months before the attack deployment and used the access to steal a subset of data tied to 318,558 patients.

The stolen data included patient names, addresses, dates of service, insurance details, date of birth and Social Security numbers for most patients.

The incident has supposedly been reported to law enforcement.

#FACTS.... The Folks In Charge Of The Empress Emergency Medical Services Dispatch Center Need To Provide All OF Their #Yonkers Patients With A Couple Years Of Service From An Identity Theft Protection Company Like LifeLock....

What To Do If Your Identity Is Stolen And You Are A Victim Of Identity Theft --- Follow These Steps To Protect Yourself....

If you do find you’re a victim of identity theft, here are 10 steps to minimize the damage.Notify The Social Security Administration.

Notify companies of your stolen identity.File a report with the Federal Trade Commission.

Contact the #YonkersPoliceDepartment and file a report.Place a fraud alert on your credit reports.

Freeze your credit.Sign up for a credit monitoring service.

Tighten security on your accounts.

Review your credit reports for mystery accounts.Scan credit card and bank statements for unauthorized charges.

Don't wait to notify any company where fraudulent transactions or accounts have occurred. Call them immediately to alert them to the problem.

In cases of account takeovers, your credit card number might be compromised but thieves may not have access to your personal information.

It may be as simple as getting your bank to shut that account down.

However, if someone is opening accounts in your name, impersonating you or using your Social Security number, you may want to proactively contact other companies and agencies.

For example, you should notify the IRS if your Social Security number was used to file an income tax return; this can be done by submitting a Form 14039 Identity Theft Affidavit.

Likewise, if someone is impersonating you, alert your health insurance company in case they attempt to obtain medical care under your name or policy number.

Your medical information is a goldmine for fraudsters.

By stealing your electronic health records and other forms, thieves can discover everything from your Social Security number to previous diagnoses and current prescriptions.

Your medical file is about the most complete file someone could get on you.

This is a pathway into your life. It could make you the victim of identity theft, jeopardize your life, jeopardize your ability to get a job or be used as a point of blackmail.

If you are the victim of medical identity theft – where a thief uses your personal information to access medical goods or services – you could be billed for health care services and procedures you never accessed.

You may find that your insurance benefits have been tapped out by someone else, and you can't use them when you need them.

You might even have a debt in collections for a medical service you never used.

Put A Fraud Alert On Your Credit Report

A fraud alert will put a red flag on your credit report and notifies all lenders and creditors that they should take extra steps to verify your credibility.

In order to implement the red flag you need to contact one of the credit report agencies like Experian, Equifax, or TransUnion.

If you contact one agency, they will automatically contact the others.

Once you start the fraud alert, you will receive a free copy of your credit report from each agency.

You will need these to prove any fraudulent charges and start disputing the lines of credit.

You also have the option of placing a security freeze on each of your credit reports.

A freeze will prevent creditors from accessing your credit report at all. All new applications will be declined without access to the file.

UPDATE #1 --- EMPRESS DECIDES TO START TELLING THE TRUTH: In a data breach notice posted on its website, Empress EMS finally reveals that on July 14, 2022, it identified a ransomware attack that resulted in some of its systems being encrypted.

EMPRESS EMT INSIDER: The subsequent investigation into the incident has revealed that the attackers had gained access to the organization’s network in late May, and that they stole patient data before deploying ransomware on the compromised systems.

According to Empress EMS, the exfiltrated files contained personal information such as names and Social Security numbers, but also patient data such as dates of service and insurance information.

The emergency services provider says it has already started informing the impacted patients of the incident.

On September 9, Empress EMS informed the US Department of Health and Human Services that the incident impacted just over 318,000 individuals.

The organization did not provide further information on the type of ransomware that was used in the attack, but the Hive ransomware gang boasted to DataBreaches that they were behind the incident.

EMPLOYEE RECORDS STOLEN TOO: The Hive operators apparently contacted #EmpressEMS to inform them that they stole over 280 gigabytes of data, including business files, private company information, employee data, customer data, and more.In July, Hive posted a brief about the attack on its leak site, but removed it shortly after, likely without making public any of the stolen information.

It’s unclear whether Empress EMS paid a ransom to prevent the data leakage.

A sample of files provided to Empress with Hive’s July 15 email, also provided to DataBreaches, included protected health information of some of Empress EMS’s patients.

Hive claimed to have more than 100,000 Social Security numbers as part of the data they exfiltrated.

Empress EMS does not currently appear on Hive’s leak site causing many speculate that Empress paid the ransome to get their data back.

For Getting This Story Out And Forcing Empress EMS To Give Just About Every Household In #Yonkers An Offer Of One Year Of Free Credit Monitoring From #ExperianIdentityWorks

With A Free Credit Report And Daily Personal Online Credit Reports - Along With Identity Restoration Specialists and $1 Million Dollars In Theft Insurance.

OVER TWO MONTHS LATER: Empress Ambulance Service, is currently mailing out letters with two secret codes to enroll in the one year of #free credit monitoring services.

For more information residents in The City of Yonkers can call (833)559-0625.

UPDATE #4: More Truth Comes Out

BIG DELAY IN REPORTING TO THE FEDS: On September 9, Empress EMS in New York contacted HHS to report an incident that affected 318,558 patients.

According to a notice on their website, an unauthorized individual gained access to their system on May 26....

EMPRESS LEFT PATIENTS IN HARMS WAY: DataBreaches had reached out to Empress in July to ask them about the incident and about whether the encryption was impairing their ability to provide emergency medical care.

They never replied, but DataBreaches never saw any alerts on their website about any interruptions or delays in service....

UPDATE #5 --- RESULTS MATTER: After The Yonkers Newswire Broke The Story About The Empress Emergency Medical Services Dispatch Center Hiding A Computer Hack And Putting #Yonkers Residents In Harms Way --- These Lawyers Learned Of It And Are Now Filing A Civil Lawsuit

FOR IMMEDIATE RELEASE: Lowey Dannenberg, P.C. Investigates Empress Ambulance Service for Data Breach of Over 318,000 Patients

PRESS RELEASE: Lowey Dannenberg P.C., a preeminent law firm in obtaining redress for consumers, is investigating claims for violations of the common law, and state consumer protection statutes by Empress Emergency Medical Services ("Empress EMS"), as a result of a ransomware data breach compromising 318,558 patient records containing highly sensitive protected health information, including Social Security numbers.

YONKERS: If you received a data breach notice, or believe your information may have been compromised, by #EmpressEMS you may be entitled to compensation for the disclosure of this highly sensitive protected health information.

If you are a Empress EMS employee or patient, received a notice letter, wish to participate, learn more, or discuss the issues surrounding the investigation, please contact one of our attorneys at (914) 733-7220, or via email at 

The Yonkers Newswire

More News from Yonkers
I'm interested
I disagree with this
This is unverified