EMS Management and Consultants, Inc. (“EMS | MC”) recently notified certain customers in Fayette County, of an incident that may have impacted the privacy of information related to certain patients.
EMS | MC is a billing services provider for Fayette County Fire and Emergency Services. While EMS | MC is unaware of any actual or attempted misuse of information in relation to the incident, it is providing potentially affected individuals with information about the incident and steps individuals may take to help protect their information should they feel it is necessary to do so.
On May 31, 2023, and again in June 2023, Progress Software Corp. publicly disclosed zero-day vulnerabilities that impacted the MOVEit Transfer tool. Our billing services provider, EMS Management and Consultants Inc. (“EMS | MC”), is a user of that tool. EMS|MC moved quickly to apply available patching and undertook recommended mitigation steps.
EMS | MC promptly launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the potential impact of the vulnerabilities’ presence on the MOVEit Transfer server on the security of data housed on the server.
EMS|MC’s investigation determined that an unknown actor exploited vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and took certain data from the MOVEit Transfer server during that time. EMS | MC subsequently undertook a time-consuming and detailed review of the data stored on the server at the time of this incident to understand the contents of that data and to whom that data relates.
EMS | MC is mailing notice letters on behalf of its EMS agency customer to the impacted individuals for whom they have valid mailing addresses. On July 10, 2023, EMS | MC determined that certain information relating to 2,625 individuals associated with Fayette County Fire and Emergency Services was present in 94 files on the impacted server at the time of the event.
EMS | MC and its customers encourage potentially affected individuals to remain vigilant against incidents of identity theft by reviewing their account statements and explanation of benefits for unusual activity.
Interested individuals can find additional information by calling Kim Stanley at 336.714.9091.