Ohio-based Stark Summit Ambulance has disclosed a data security incident impacting employees and patients.
On May 28, 2020, the firm learned of unusual activity involving one Stark Summit Ambulance employee email account. Over the next few months, as they continued investigating, they discovered more employee email accounts that had been compromised. By the end of July, they had reset all passwords and had determined that six compromised employee email accounts held personal and protected health information.
Notification was sent out to affected individuals on September 4. In a press release issued yesterday, they state that personal and protected health information may have included:
first name or first initial and last name in combination with one or more of the following: Social Security number, driver’s license number, state ID number, or passport numbers, checking or savings account, credit or debit card number, or personal identification (PIN) code, medical diagnosis, medical treatment information, treatment type, treatment location, clinical information, mental or physical condition, health care provider/doctor name, date of service, medical history information, health insurance information, Medicare/Medicaid number, other health care payment/cost information, and prescription information.
Stark Summit Ambulance has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday from 9:00 am – 9:00 pm eastern and can be reached at 833-901-0918.
The incident was reported to the FBI and the ambulance firm is cooperating with the investigation.