• World CyberCon India
Firewall Daily Ransomware

Ambulance Service Provider Empress EMS Hit by Ransomware Attack

Patient data of nearly 318,558 was disclosed in the cyber-attack on Empress EMS.

Ambulance Service Provider Empress EMS Hit by Ransomware Attack
  • PublishedSeptember 19, 2022
Listen to this story

Empress EMS which provides emergency and non-emergency medical transportation in New York State was hit by a ransomware attack. According to a notice published by the healthcare provider, the incident was identified on July 14 wherein several systems on its network were encrypted. This hampered accessing the data on those systems.

Details of the Ransomware Attack

Hackers attacked the system of Empress EMS on May 26, 2022, and exfiltrated several pieces of content in July, 13. Over 318,558 patient data were breached. Empress EMS published a notice of security incident stating that the breached information included Social Security numbers, patient names, dates of service, and insurance information.

Attack linked to Hive Ransomware Gang

The incident has been linked to the Hive ransomware team. DataBreaches.net which provides information about cyber-attacks published details of communication between Hive and the Empress EMS on its website. It read,


Ladies and gentlemen! Attention, please!

This is HIVE ransomware team.

We infiltrated your network and stayed there for 12 days (it was enough to study all your documentation and gain access to your files and services),

encrypted your servers.

Downloaded most important information with a total size over 280 GB

Few details about information we have downloaded:

– contracts, nda and other agreements documents

– company private info (budgets, plans, investments, company bank statements, etc.)

– employees info (SSN numbers, emails, addresses, passports, phone numbers, payments, working hours, etc.)

– customers info (SSN numbers, emails, addresses, passports, phone numbers, payments, working hours, etc.)

– SQL databases with reports, business data, customers data, etc.

– approximate number of personal records including addresses and ssn’s data is above 10000 units.”

Healthcare is a critical sector, and such ransomware attacks pose a danger to the lives of people. RedPacket Security which provides infosec news made a disclosure titled ‘HIVE Ransomware Victim: Empress EMS’ on its blog on July 28, 2022. It read “Empress EMS with the company website ‘empressems[.]com’ was cyber-attacked on 14 July 2022 – 09:24:00” wherein its data was encrypted. The date when it was disclosed was mentioned to be 7/26/2022 followed by information stating that the files were made available to be downloaded.

The encrypted files were made available on the dark web in July which posed a risk to the privacy of the users. RedPacket Security reported on its blog that the information was redacted from the HIVE Onion dark web tor blog page.

Empress EMS Acts Fast

To prevent further damage, Empress EMS reported the incident to law enforcement and also had a third-party forensic firm conduct a thorough investigation. Affected users are being alerted about the data breach and ransomware attack by mail. The company urged impacted individuals and otherwise to review their healthcare statements for any inaccuracies in terms of services they received. The same can be reported to its provider.

They can use the credit monitoring services offered to check their credit in the wake of the incident. Users may contact the dedicated external call center as well for any queries at 844-690-1251, Monday through Friday between 9.00 a.m. to 9.00 p.m.

American consumer rights law office Cole & Van Note has also taken up the case for further investigation and to help provide compensation to its clients for any losses.


Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.