Compromised EmCare email accounts put data of 60,000 at risk

Register now

A national provider of medical professionals for U.S. hospitals had employees’ email accounts accessed by hackers, potentially exposing the data of 60,000 patients and physicians.

EmCare and its affiliates recently noticed that an unauthorized third party obtained access to “a number of EmCare employees’ email accounts,” according to the notice issued by the Dallas-based company. The incursion was believed to have occurred in February, but was announced only this past week.

“Patients impacted by this incident may have received medical care from a clinician employed by or engaged with an affiliate of EmCare,” the notice indicated. “These services may have been provided in an emergency department or as inpatient services in a hospital.”

EmCare’s physicians work in emergency departments and inpatient services of multiple hospitals. After learning of the hacking of several employees’ email accounts, the organization retained a forensic security firm, which determined seven pieces of protected health information may have been compromised. “EmCare determined that the impacted email accounts contained some patients’, employees’ and contractors’ personal information, including names, dates of birth or age, and for some patients, clinical information. In addition, in some instances, Social Security and driver’s license numbers were impacted,” the company’s notice stated.

“There is no evidence to suggest that information has been misused or that anyone will attempt to misuse the information,” EmCare contends in its breach notification. “In addition, EmCare is not aware of any individuals who have been impacted by fraud or identity theft as a result, and does not know if any personal information was actually obtained by an unauthorized party.”

Individuals with compromised Social Security or driver’s license numbers are being offered credit monitoring and identity protection services from Experian, and all affected persons received information on what to do if they detect suspicious activity on any account.

“EmCare is taking measures to help prevent this type of incident from occurring in the future, included implementing advanced technology solutions and providing all employees further training and reminders about email and information technology security,” the organization noted.

For reprint and licensing requests for this article, click here.