The Journal of Emergency Medical Services reports that AAA Ambulance Service in Mississippi was the target of an attempted ransomware attack over the summer.
A notice posted on the ambulance service’s site explains that on or about July 1, they discovered an attempted attack, and took immediate steps to prevent the encryption of their systems and to harden their security and investigate the incident.
On August 26, 2020, after thorough investigation, AAA learned that the personal information of certain individuals may have been accessed or taken during the incident. While we are not aware of the misuse of any information potentially impacted, we are providing this notice and providing information regarding steps individuals can take to protect their information.
The types of information that may have been accessed or exfiltrated included:
individuals’ first and last name, in combination with one or more of the following data elements: date of birth, social security number, driver’s license number, financial account number, diagnosis information, medical treatment information, patient account number, prescription information, medical record number and/or health
insurance information.
While offering credit monitoring help and advice to those potentially affected, the service reiterates that “there is no evidence to suggest that any personally identifiable information or personal health information has been actually misused.”
While that is better than saying that the data definitely has been misused, given how well threat actors cover their tracks, may hang on to data, and may have numerous places to list it or sell it, it’s always best to remain vigilant and perhaps assume the worst so that you protect yourself from possible identity theft or fraud.