Terré Gables of KFOR reports:
Emergency Medical Services Authority (“EMSA”) says, it has identified suspicious activity in its IT network and is mailing letters to patients whose information may have been involved.
According to EMSA, on February 13, 2024, EMSA identified suspicious activity in its IT network. EMSA immediately initiated its incident response protocols, which involved shutting off select systems as a proactive measure.
[…]
The investigation determined that an unauthorized party gained access to its network and, between February 10, 2024 and February 13, 2024, acquired files that contained information pertaining to certain EMSA patients. The information involved varied by individual, but generally included one or more of the following: name, address, date of birth, date of service, and, for some, name of primary care provider and/or Social Security number.
Read more at Yahoo!
No ransomware group has publicly claimed responsibility for the attack. EMSA’s substitute notice can be found at their website.