article featured image


New York-based company, Empress EMS (Emergency Medical Services), has disclosed through an official notification that it’s been the victim of a ransomware attack on July 14, 2022.

Further investigations found that the intruder gained access to the company’s systems on May 26, 2022. On the 13th of July, “a small subset of files” was exfiltrated by the attackers.

The Incident Explained

According to the U.S. Department of Health and Human Services, over 300 thousand individuals were affected by the data breach. Some of the information obtained by the hackers include patient names, dates of services, insurance information, and Social Security numbers.

Details of the incident hint that the company was the victim of a standard double-extortion ransomware incident, where the attackers stole the files, encrypted their systems, and threatened Empress EMS with the publishing of data unless a ransom is paid.

Empress EMS did not give any information about the group that carried out the attack. BleepingComputer claims that the Hive ransomware gang was actually responsible for the attack. For the stolen data, the gang had created a private entry, which was later taken down from the website.

Additional proof that Hive was responsible for the cyberattack has been made public by DataBreaches.net. The source revealed an email sent to Empress EMS by the attackers in which they revealed their involvement in the attack and the information they were able to gather. Hive was able to access about 280 GB of data, including SQL databases with reports, company data, customers data, and other information.

Investigations Are Being Made

The incident was reported to law enforcement and Empress EMS took measures to contain it.

We strengthened the security of our systems and will continue enhancing our protocols to further safeguard the information in our care.


American consumer rights law firm Cole & Van Note declared that they are looking into the situation to determine whether there is a basis for legal action or financial compensation on behalf of the affected parties.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Cristian Neagu


linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.