Email Breach at EmCare Exposes Personal Data of 31,000 Patients

An email breach at EmCare, a Florida-based physician staffing company, has exposed personal data from 60,000 people, including 31,000 patients.

Information exposed in the mid-February breach included names, dates of birth, Social Security numbers, driver’s license numbers, and clinical details. An unauthorized third party gained access to the information through employee email accounts.

EmCare, which provides emergency room staffing and billing services for hospitals, said it does not know whether the personal information within the breached accounts has been obtained, but the data does not appear to have been used for fraud or identity theft. The company has hired a forensic security firm to determine the scope of the violation and is taking steps towards preventing another breach, such as email security training for employees.

“Our focus is on providing impacted individuals [with] information about the incident and guidance on how they can protect themselves,” an EmCare spokesperson wrote to Modern Healthcare in an email. The company is providing identity protection and credit-monitoring services to the affected patients, employees, and contractors.

Email breaches represent a quarter of all health-care information breaches, of which there has been an industrywide increase over the past several years.

Sources: AP News, April 20, 2019; Modern Healthcare, April 22, 2019.