According to a notice on its website, the Tulsa-based Emergency Medical Services Authority (EMSA) noticed suspicious activity on its IT networks on February 13. Consequently, the organization shut down certain systems as a proactive measure and mailed out letters to patients whose information may have been stolen.
The notice reads that an investigation was launched and “determined that an unauthorized party gained access to our network and, between February 10, 2024, and February 13, 2024, acquired files that contained information of certain EMSA patients.” The data involved varied, EMSA claimed, but “generally included one or more of the following: name, address, date of birth, date of service, and, for some, name of primary care provider and/or Social Security number.”
“EMSA said they were unable to provide services to the community during the hack,” Paris Rain and Gavin Pendergraff reported on March 28 for Fox23 News. “The EMSA data breach has affected 611,743 individuals,” Steve Alder with The HIPAA Journal wrote on March 25.
According to the notice on its website, EMSA commits to adopting additional safeguards to protect its systems. EMSA says that credit monitoring and identity protection support services will be offered to people whose social security numbers were involved.
Cybersecurity within healthcare systems has been a hot topic in recent months, especially since the February 21 ransomware attack on Change Healthcare, which left health systems nationwide scrambling.
“As an industry and as an organization in the industry, we need to be able to withstand an attack and continue to operate our business in a way that doesn't impact patients and hopefully doesn't result in very impactful financial costs to the organization,” Steve Cagle, M.B.A., H.C.I.S.P.P., CEO of Clearwater recently advised in an interview with Healthcare Innovation.