Cyber Incident Victim: NorthStar Emergency Medical Services
Date:
Sep 2022
Location:
United States of America
Summary
A cybersecurity breach at NorthStar Emergency Medical Services potentially compromised sensitive personal and health information of approximately 82,000 patients. The unauthorized access involved names, Social Security numbers, dates of birth, treatment details, insurance information, and government program identifiers. The organization detected unusual network activity, secured its systems, and initiated an investigation with external cybersecurity experts. Following a comprehensive data review, affected individuals were notified via mailed letters and a public website announcement. While no evidence of data misuse was identified, the company enhanced its security measures, reported the incident to law enforcement, and established a dedicated call center for impacted patients to address inquiries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 16, 2022, NorthStar Emergency Medical Services detected unusual activity within its digital environment, prompting immediate action to secure its systems. The organization engaged independent cybersecurity experts to investigate the incident, which revealed unauthorized access to certain network-stored data. Following this discovery, NorthStar initiated a comprehensive review of the affected data to identify compromised personal or protected health information. The review concluded on March 8, 2023, confirming that sensitive information belonging to approximately 82,000 current and former patients might have been exposed. The potentially accessed data included individuals' full names, Social Security numbers, dates of birth, patient ID numbers, treatment details, Medicare/Medicaid identifiers, and health insurance information. NorthStar found no evidence of actual misuse of the data for identity theft or other cybercrimes. The organization delayed public notification until completing its internal review nearly six months after detecting the breach.
NorthStar formally announced the breach on March 14, 2023, through its website and mailed physical notifications to affected individuals. The company established a dedicated toll-free call center operating weekdays from 8 a.m. to 8 p.m. Central Time to address patient inquiries, accessible at 833-753-4562. As part of its response, NorthStar reported the incident to relevant law enforcement agencies and implemented enhanced cybersecurity measures across its network infrastructure. While acknowledging the potential risks to patient privacy, the organization emphasized its commitment to data protection and expressed regret for any inconvenience caused. Affected individuals were advised to follow Federal Trade Commission recommendations for safeguarding personal information against potential identity theft or fraud. The breach investigation did not disclose specific technical details regarding the attack vector, duration of unauthorized access, or identity of threat actors.