EMS Management and Consultants reports MOVEit related data breach

On August 9, 2023, EMS Management and Consultants Inc. ("EMS|MC") reported a data breach after uncovering a vulnerability within the MOVEit file transfer system utilized by EMS|MC. This vulnerability enabled an unauthorized entity to gain access to consumer information.

EMS|MC provides medical billing services to emergency medical service providers, necessitating the sharing of pertinent information. MOVEit, a file-transfer software employed by EMS|MC, was compromised, with Progress Software, the software's developer, acknowledging these breaches in May and June 2023.

Both Augusta Fire Rescue and Fayette County emergency services have already reported that they are impacted by the breach of the EMS Management and Consultants Inc. MOVEit instance.

EMS|MC implemented available software patches and initiated an inquiry into the incident. The investigation confirmed that on May 29, 2023, an unauthorized party accessed the company's MOVEit server and extracted specific files containing confidential data.

The compromised data varied per individual but potentially encompassed sensitive details like

• names,
• transport dates,
• Social Security numbers,
• dates of birth,
• financial account particulars,
• encounter/transport numbers,
• billing codes,
• additional patient data.

EMS|MC didn't disclose the number of affected individuals.

On August 9, 2023, EMS Management and Consultants initiated the distribution of data breach letters to all individuals impacted by this recent security incident. These letters are designed to provide affected parties with a comprehensive list of their compromised information.