Lowey Dannenberg is investigating claims for violations of the common law and state consumer protection statutes by Empress Emergency Medical Services (“Empress EMS”), as a result of a ransomware data breach compromising 318,558 patient records containing highly sensitive protected health information, including Social Security numbers.

If you are a Empress EMS employee or patient, received a notice letter, wish to participate, learn more, or discuss the issues surrounding the investigation please fill out the contact form below or please contact one of our attorneys at (914) 997-0500, or via email at investigations@lowey.com.

What Happened and What Information Was Involved:

Empress EMS, based in Yonkers, NY provides 911 emergency medical response transportation to Westchester County communities, including Yonkers, New Rochelle, Mount Vernon, and White Plains.

On September 20, 2022, Empress EMS publicly announced that on July 14, 2022, it identified a network cybersecurity incident resulting in the encryption of some of their systems. Third-party news reports have also indicated that the “Hive” ransomware group was involved in this ransomware attack. “Hive” has purportedly claimed the exfiltrated data included patient as well as employee information.

Empress EMS has informed the U.S. Department of Health and Human Services that approximately 318,558 individuals are affected by this data breach. According to Empress EMS, their investigation determined that an unauthorized party first gained access to their network on May 26, 2022, and then copied a subset of files on July 13, 2022. These files contained the following electronic protected health information:

• patient names,
• dates of service,
• insurance information, and
• in some instances, Social Security numbers.

If you received a data breach notice, or believe your information may have been compromised, you may be entitled to compensation for the disclosure of this highly sensitive protected health information.