Alexander County is one of several counties affected by a data breach in the system used by Emergency Medical Services (EMS), which may affect some patients. Surrounding counties were also affected in the breach.
The firm EMS Management and Consultants (EMS|MC), the county’s EMS billing services provider, is mailing letters to patients who have been affected by the data breach. If Alexandrians were transported by one of the surrounding counties’ EMS ambulances, they may receive a notice from that county as well.
EMS|MC issued the following statement on the data breach on August 21, 2023:
ALEXANDER COUNTY EMS NOTICE OF DATA EVENT
EMS Management and Consultants, Inc. (“EMS|MC”) recently notified Alexander County EMS of an incident that may have impacted some information related to certain patients.
On May 31, 2023, and again in June 2023, Progress Software Corp. publicly disclosed that its MOVEit Transfer tool had been compromised. Our billing services provider, EMS Management and Consultants Inc. (“EMS|MC”), is a user of that tool. EMS|MC moved quickly to patch the tool and undertook recommended mitigation steps. EMS|MC promptly launched an investigation, with the assistance of thirdparty cybersecurity specialists, to determine the potential impact of the incident. EMS|MC’s investigation determined that an unknown actor accessed the MOVEit Transfer server on May 30, 2023, and took certain data from the server during that time. EMS|MC then engaged a third-party data analysis firm to perform a detailed review of the involved data to understand the contents of that data and to whom it relates. Through this review EMS|MC learned that some patients’ information was included within the data.
While EMS|MC is unaware of any misuse of information in relation to the incident, it is providing potentially affected individuals with steps they may take to help protect their information should they feel it is necessary to do so.
EMS|MC is mailing notice letters on behalf of its EMS agency customer to the impacted individuals for whom they have valid mailing addresses. The types of potentially impacted information for patients may include name, date of transport, social security number, date of birth, encounter/transport number, billing codes, and other patient information related to the ambulance transport.
EMS|MC and its customers encourage potentially affected individuals to remain vigilant against incidents of identity theft by reviewing their account statements and explanation of benefits for unusual activity.
Interested individuals can find additional information about the event and how they can help protect their personal information at www.emsbilling.com/notice. They may also contact the toll-free call center, which is dedicated to responding to inquiries about this incident at (833) 318-2801, reference code B100189.