swidup
commented
5 months ago https://emsaonline.com/news/cyber-security-notice/#
"Cyber Security Incident Notice to Our Patients A Notice to Our Patients
The Emergency Medical Services Authority is committed to protecting the confidentiality and security of our patients’ information. Regrettably, we recently identified and addressed a security incident that involved some of that information.
On February 13, 2024, EMSA identified suspicious activity in our IT network. We immediately initiated our incident response protocols, which involved shutting off select systems as a proactive measure. We also launched an investigation with the assistance of a third-party forensic firm and notified law enforcement. The investigation determined that an unauthorized party gained access to our network and, between February 10, 2024 and February 13, 2024, acquired files that contained information pertaining to certain EMSA patients. The information involved varied by individual, but generally included one or more of the following: name, address, date of birth, date of service, and, for some, name of primary care provider and/or Social Security number.
As a precaution, we are mailing notification letters to patients whose information may have been involved and for whom we have sufficient contact information. We have also established a dedicated, toll-free call center to answer questions about the incident. If you have questions, please call (866) 495-7098, available Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time. We are providing individuals whose Social Security numbers were involved with a complimentary offer to credit monitoring and identity protection support services. Additionally, we’d like to remind patients that it is always a good idea to carefully review the communications they receive from their healthcare providers, including electronic messages, billing statements, and other written communication. If patients see charges for services they did not receive, they should contact the issuing provider immediately.
To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards to further protect and monitor our systems."
https://www.hipaajournal.com/benefytt-emsa-lindsay-municipal-hospital-affected-by-cyberattacks/
"The Emergency Medical Services Authority (EMSA) in Oklahoma City, OK, has announced that it fell victim to a cyberattack that saw unauthorized individuals gain access to its network between February 10, 2024, and February 13, 2024. The intrusion was detected on February 13, 2024, and systems were shut down to prevent further unauthorized access. The forensic investigation confirmed that the attackers exfiltrated files containing patient data including names, addresses, dates of birth, dates of service, and, for some individuals, the name of their primary care provider and/or Social Security number.
Notification letters have started to be mailed to the affected individuals, although EMSA has yet to publicly confirm how many individuals have been affected. Complimentary credit monitoring and identity theft protection services have been offered to individuals who had their Social Security numbers exposed."