Empress EMS in New York was hit by the Hive ransomware group that affected 318,558 patients.
An unauthorized individual gained access to their system and encrypted files on their system and threatened them to not try to delete or change the encrypted files.
The group exfiltrated information like contracts, NDA and other agreements documents, company private info (budgets, plans, investments, company bank statements, etc.), employees info (SSN numbers, emails, addresses, passports, phone numbers, payments, working hours, etc.), customers info (SSN numbers, emails, addresses, passports, phone numbers, payments, working hours, etc.), SQL databases with reports, business data, customers data, etc.
TPRM report: https://www.rankiteo.com/company/empress-ambulance-svc
"id": "emp235451222",
"linkid": "empress-ambulance-svc",
"type": "Ransomware",
"date": "09/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 318558,
'industry': 'Emergency Medical Services',
'location': 'New York',
'name': 'Empress EMS',
'type': 'Healthcare'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['contracts',
'NDA and other agreements documents',
'company private info (budgets, plans, '
'investments, company bank statements, '
'etc.)',
'employees info (SSN numbers, emails, '
'addresses, passports, phone numbers, '
'payments, working hours, etc.)',
'customers info (SSN numbers, emails, '
'addresses, passports, phone numbers, '
'payments, working hours, etc.)',
'SQL databases with reports, business '
'data, customers data, etc.'],
'number_of_records_exposed': 318558,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['contracts',
'NDA and other agreements '
'documents',
'company private info (budgets, '
'plans, investments, company '
'bank statements, etc.)',
'employees info (SSN numbers, '
'emails, addresses, passports, '
'phone numbers, payments, '
'working hours, etc.)',
'customers info (SSN numbers, '
'emails, addresses, passports, '
'phone numbers, payments, '
'working hours, etc.)',
'SQL databases with reports, '
'business data, customers data, '
'etc.']},
'description': 'Empress EMS in New York was hit by the Hive ransomware group '
'that affected 318,558 patients. An unauthorized individual '
'gained access to their system and encrypted files on their '
'system and threatened them to not try to delete or change the '
'encrypted files. The group exfiltrated information like '
'contracts, NDA and other agreements documents, company '
'private info (budgets, plans, investments, company bank '
'statements, etc.), employees info (SSN numbers, emails, '
'addresses, passports, phone numbers, payments, working hours, '
'etc.), customers info (SSN numbers, emails, addresses, '
'passports, phone numbers, payments, working hours, etc.), SQL '
'databases with reports, business data, customers data, etc.',
'impact': {'data_compromised': ['contracts',
'NDA and other agreements documents',
'company private info (budgets, plans, '
'investments, company bank statements, etc.)',
'employees info (SSN numbers, emails, '
'addresses, passports, phone numbers, '
'payments, working hours, etc.)',
'customers info (SSN numbers, emails, '
'addresses, passports, phone numbers, '
'payments, working hours, etc.)',
'SQL databases with reports, business data, '
'customers data, etc.']},
'motivation': 'Data Exfiltration and Encryption',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Hive'},
'threat_actor': 'Hive Ransomware Group',
'title': 'Empress EMS Ransomware Attack',
'type': 'Ransomware'}