Ambulance service provider Empress EMS gets hit by ransomware

September 24, 2022

New York’s ambulance service provider, Empress EMS, has revealed that it experienced a ransomware attack last July that could have exposed its customer information online.

According to reports, the ransomware operators gained initial access to the ambulance service provider in May this year. A couple of months later, the attackers stole small file samples from Empress EMS before running the encryption.

Unfortunately, the small file samples included several patient names, birth dates of service, Social Security numbers, and insurance information. Empress EMS quickly mailed letters to affected individuals and offered credit monitoring services to assure them they were in good hands.

The reports described the attack as a typical double extortion ransomware campaign, in which threat actors steal files, encrypt targeted systems, and threaten the target with data exposure if a ransom is not paid.

The ambulance service provider did not identify the culprit, but researchers think it was linked to the Hive ransomware group.

The ambulance service provider kept the identity of the threat group secret. Still, a separate researcher discovered that the Hive ransomware group had suspiciously prepared a public entry on the Empress’ system last July.

Based on the observations, the ransomware actors have deleted the associated entry collected from Empress EMS’ website. However, after reviewing past dark web data from an intelligence company, the researchers verified that the Hive ransomware group had published the data.

The New York-based ambulance service provider recently notified the US Department of Health and Human Services that more than 30,000 individuals may be affected. Still, there are lingering concerns that the actual number is higher than what was reported.

The notice added that customers who have not received a letter should contact Empress by the first week of October to obtain the free credit monitoring services.

Empress EMS assured everyone that it had fortified its cybersecurity systems and protocols to prevent similar attacks from occurring again.
