DataBreaches.Net


NY: Empress EMS hit by Hive ransomware

Posted on September 15, 2022 by Dissent

On September 9, Empress EMS in New York contacted HHS to report an incident that affected 318,558 patients. According to a notice on their website, an unauthorized individual gained access to their system on May 26 and copied what they describe as a “small subset of files” on July 13. On July 14, Empress discovered the breach when their files were encrypted.

What their disclosure does not reveal is that the ransomware group was Hive.

Correspondence from Hive to Empress shared exclusively with DataBreaches showed that Hive contacted Empress on July 14 and 15 by email. In their first email, they wrote, in part:

! ! ! DO NOT TRY TO DECRYPT OR CHANGE ENCRYPTED FILES ON YOUR COMPUTERS, IT WILL COMPLETELY DESTROY THEM ! ! !

Ladies and gentlemen! Attention, please!
This is HIVE ransomware team.

We infiltrated your network and stayed there for 12 days (it was enough to study all your documentation and gain access to your files and services),
encrypted your servers.
Downloaded most important information with a total size over 280 GB
Few details about information we have downloaded:
– contracts, nda and other agreements documents
– company private info (budgets, plans, investments, company bank statements, etc.)
– employees info (SSN numbers, emails, addresses, passports, phone numbers, payments, working hours, etc.)
– customers info (SSN numbers, emails, addresses, passports, phone numbers, payments, working hours, etc.)
– SQL databases with reports, business data, customers data, etc.
– approximate number of personal records including addresses and ssn’s data is above 10000 units

A sample of files provided to Empress with Hive’s July 15 email, also provided to DataBreaches, included protected health information of some of Empress EMS’s patients. Hive claimed to have more than 100,000 Social Security numbers as part of the data they exfiltrated.

Empress EMS briefly appeared on Hive’s leak site in July, long enough to be detected and tweeted by RedPacket Security. As of the time of this publication, Empress is not listed on Hive’s leak site, and DataBreaches does not believe that Hive has dumped or leaked any sensitive information (or, at least, not yet).

DataBreaches had reached out to Empress in July to ask them about the incident and about whether the encryption was impairing their ability to provide emergency medical care. They never replied, but DataBreaches never saw any alerts on their website about any interruptions or delays in service.

Category: Breach Incidents, Health Data, Malware, U.S.
