MedEx Ambulance Provides Notice of Data Security Incident
SKOKIE, IlI., April 18, 2025 /PRNewswire/ -- Medical Express Ambulance Inc. D/B/A MedEx Ambulance ("MedEx") recently experienced a data security incident that may have resulted in unauthorized access to patient health information and employee personal information. While this incident did not significantly impact our ability to serve our patients, this posting is intended to provide notice of the Incident, steps we are taking in response to the Incident, and resources available to help you protect against the potential misuse of information. At this time, we have not received any reports of related misuse of health information since the date of the Incident.
What Happened? On March 18, 2024, MedEx experienced a network disruption that impacted the functionality and access of certain systems. Upon discovery of this incident, MedEx immediately disconnected all access to the network and promptly engaged a specialized third-party cybersecurity firm and IT personnel to assist with securing the environment, as well as, to conduct a comprehensive forensic investigation to determine the nature and scope of the incident. The forensic investigation determined that personal information may have been acquired by the threat actor.
Based on these findings, MedEx decided to proceed with an analysis of the compromised data for any potential sensitive personal information ("PII") or protected health information ("PHI"). MedEx engaged a third-party vendor to review the data that was compromised. The data mining process took some time given the complexities of the types and volume of the data analyzed, requiring multiple phases of automated and manual review. On March 3, 2025, MedEx engaged a third-party notice vendor to assist with the mailings, call center, and provide identity theft protection services for those whose sensitive information was impacted. Thereafter, MedEx worked to verify the patient information and addresses for mailing. On March 19, 2025, MedEx finalized the list of individuals to notify.
What Information Was Involved? The information affected varied for each impacted individual. Based on the investigation, the following information related to potentially impacted individuals may have been subject to unauthorized access: Name; date of birth; demographic information, Social Security number, driver's license number; state identification number; medical information; financial information; health insurance information; username and password; and for some, passport information. Please note that the information above varies for each potentially impacted individual. In light of the incident, we provided affected individuals with certain categories of sensitive information impacted with complimentary credit monitoring and identity theft restoration services. Affected individuals have been notified by mail with enrollment information.
What Are We Doing? Data privacy and security are among MedEx's highest priorities, and there are extensive measures in place to protect information in MedEx's care. Since the discovery of the Incident, MedEx moved quickly to investigate, respond, and confirm the security of our systems. Specifically, MedEx engaged a specialized third-party cybersecurity firm, changed administrative credentials, notified law enforcement, and continues to enhance its network security to prevent a similar incident from occurring in the future. Additionally, MedEx took the following steps, including, but not limited to: disconnecting all access to the network; implementing an organization-wide credential reset of all users; restructured and enhanced security systems, and upgrading our data management software.
What You Can Do: We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that you contact your financial institution and all major credit bureaus to inform them of such a breach and then take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on your credit file. Again, at this time, we have not received any reports of related misuse of personal health information since the date of the Incident.
Other Important Information: We recognize that you may have questions not addressed in this notice. If you have additional questions, please call 855-659-0097, Monday through Friday, 9:00 A.M. to 9:00 P.M. Central Time, except holidays.
MedEx sincerely regrets any inconvenience or concern that this matter may cause and remains dedicated to ensuring the privacy and security of all information in our control.
Sincerely,
MedEx Ambulance Service
View original content:https://www.prnewswire.com/news-releases/medex-ambulance-provides-notice-of-data-security-incident-302432743.html
SOURCE Medical Express Ambulance Inc.