US healthcare firm EmCare Inc disclosed that a number of employees’ email accounts had been accessed, potentially exposing personal information of almost 60,000 people, including 31,000 patients.
EmCare is owned by Envision Healthcare, it is a leading provider of physician jobs for emergency medicine, inpatient physician services, radiology management programs and other healthcare services.
It has more than 700 practices at locations ranging from major hospitals and health systems to rural hospitals and ambulatory care centers.
“Patients impacted by this incident may have received medical care from a clinician employed by or engaged with an affiliate of EmCare. These services may have been provided in an Emergency Department or as inpatient services in a hospital.”
The company discovered the intrusion on February 19, hackers compromised some employees’ email accounts and gained access to some patients’, employees’ and contractors’ personal information.
“On Feb. 19, 2019, EmCare determined that the impacted email accounts contained some patients’, employees’ and contractors’ personal information, including name, date of birth or age, and for some patients, clinical information. In addition, in some instances, Social Security and driver’s license numbers were impacted.” continues the notice.
At the time of publishing, the company pointed out that there is no evidence to suggest that the information has been misused.
The extent of the security incident is still unclear, we have no information about the number of accounts that were accessed by the intruders. The company did not provide technical details about the hack.
In my humble opinion, the fact that employees were keeping patients’ data unprotected into their email accounts is very disturbing.
“As a general precautionary measure, individuals should remain vigilant about protecting themselves against potential fraud or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely.” concludes the notice.
“If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to the proper law enforcement authorities, including the police and their state’s attorney general.”