A municipal ambulance services provider that serves 15 cities in a Texas county has reported to federal regulators a ransomware breach potentially affecting 612,000 individuals, which is equivalent to nearly 30% of the county’s 2.1 million population.
Metropolitan Area EMS Authority, a Texas government administrative agency that does business as MedStar Mobile Healthcare, reported the hacking incident to the U.S. Department of Health and Human Services’ Office for Civil Rights on Dec. 19. MedStar, which provides ambulance services in Tarrant County, Texas, reported that on Oct. 20, it experienced “issues” with its network systems.
Colman McCarthy, an attorney at law firm Shook, Hardy & Bacon, which represents MedStar, tells Information Security Media Group the breach involved ransomware. MedStar did not pay a ransom but was able to fully restore its systems.
“Access to a portion of MedStar’s network was affected. All servers were back online within 48 hours,” McCarthy says. “Throughout the incident, MedStar continued to provide emergency medical services to the communities it serves.”
MedStar is still determining the full scope of the incident and intends to offer credit monitoring “as required by law and in line with industry practice.”
In its breach notification statement, MedStar says an unauthorized third party gained access to a restricted location in MedStar’s computer network that contained a number of files, including some containing personal health information.