Empress EMS

Empress EMS, also known as Empress Emergency Medical Services, operates as a provider of emergency medical transport and related services within the United States healthcare sector. The organization's core function involves responding to medical emergencies and transporting patients, which necessitates the handling of sensitive personal health information including names, service dates, insurance details, and in some cases Social Security numbers. The scale of its operations is indicated by the significant data breach disclosed in July 2022, which impacted over 318,000 individuals, suggesting a substantial patient base and volume of services across its operational footprint. While specific geographic service areas or facility counts are not detailed in the available information, the breach's magnitude points to a considerable reach within the emergency medical services landscape. The organization's work places it within a highly regulated segment of critical infrastructure, where data security and patient privacy are paramount concerns due to the nature of the information processed during emergency care and transport.

In July 2022, Empress EMS was the victim of a sophisticated ransomware attack attributed to the Hive criminal gang. This incident represented a classic double-extortion scheme where the attackers first exfiltrated files from the organization's systems and subsequently deployed encryption to disrupt operations. The stolen data encompassed a wide array of personal and medical information, leading to the public exposure of this data on the dark web after initial removal of a leak entry by the perpetrators. The organization's public response included notifying affected individuals and offering credit monitoring services, while also stating it was enhancing its security measures. Concurrently, a consumer rights law firm initiated an investigation into potential litigation on behalf of those impacted. A separate, contemporaneous report noted a disruption to the organization's online services, evidenced by an inaccessible security notice page, though specific details linking this directly to the ransomware event or outlining additional operational impacts were not provided in the available materials. The incident underscores the persistent targeting of healthcare entities by ransomware groups seeking both financial extortion and the leverage of stolen sensitive data.