Phishing Attack on EmCare Resulted to the Exposure of 60,000 Records

The physician staffing firm EmCare based in Dallas, Texas announced a data breach that affected about 60,000 people. Of the 60,000, 31,000 were patients.

The compromised data was specified in messages and attachments in the email accounts of employees that an unauthorized person accessed after a number of employees replied to phishing emails and shared their email credentials. Emcare’s breach notice did not clearly state when the breach took place and the amount of time the attackers accessed the email accounts.

EmCare discovered the breach on February 19, 2019 and started an investigation. The third-party computer forensics firm found out that there were data of patients, employees, and contractors in the compromised email accounts, including names, birth date, demographic data, clinical data, driver’s license numbers and Social Security numbers, which the attackers potentially accessed or copied.

The investigators did not find any proof that suggest that attackers accessed or exfiltrated patient or employee data, but the risk cannot be ruled out. To date, there is no report received that indicate the misuse of patient or employee data.

Emcare is providing complimentary one year of credit monitoring and identity theft protection services to those who had their Social Security numbers or driver’s license numbers potentially compromised.

Emcare sent notifications letters to affected persons on April 19, 2019, that is 59 days after discovering the breach. The issuance of breach notification was just one day before the deadline of the HIPAA Breach Notification Rule reporting.

In response to the breach, EmCare implemented a variety of “advanced IT solutions” and provided additional training to employees about email security.