Electrostim Medical Services, Inc. d/b/A EMSI
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Electrostim Medical Services, Inc., doing business as EMSI, experienced a significant data breach that was first detected on May 13, 2023, when the company noticed unusual activity within its systems. This breach resulted in unauthorized access to the company’s IT network between April 27, 2023, and May 13, 2023. The investigation confirmed that an unauthorized party accessed certain files containing confidential consumer information. The types of information compromised in this breach include names, addresses, email addresses, phone numbers, diagnosis information, insurance information, subscriber numbers, and order histories. Approximately 542,990 consumers were affected by this breach[1][2].
EMSI is a medical device manufacturing company based in Tampa, Florida, and is an affiliate of Validus Group, a private investment firm. The company employs more than 356 people and generates approximately $71 million in annual revenue[1]. Following the breach, EMSI took steps to secure its systems and initiated an investigation with the help of third-party forensic specialists to determine the full nature and scope of the incident[4]. Despite the breach, EMSI has seen no evidence of any actual or attempted misuse of the information involved. However, in an abundance of caution, EMSI began notifying individuals whose information may have been impacted[4].
Victims of the breach were advised to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their credit reports. EMSI also encouraged affected individuals to take steps to protect their personal information, such as considering placing a fraud alert or a credit freeze on their credit files[4].
In response to the breach, a class action lawsuit was filed against Electrostim Medical Services, Inc. by Sherry Heflin, on behalf of all affected individuals. The lawsuit alleges that EMSI failed to implement reasonable and industry-standard data security practices, resulting in the cyberattack and data breach. The complaint accuses EMSI of negligence in securing and safeguarding sensitive information, including personally identifying information (PII) and protected health information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)[14].
This incident underscores the ongoing challenges in securing medical data and emphasizes the need for healthcare-related organizations to continually enhance their cybersecurity measures to protect sensitive patient information[8].
Citations:
- https://www.jdsupra.com/legalnews/electrostim-medical-services-notifies-2215745/
- https://www.prnewswire.com/news-releases/console–associates-pc-electrostim-medical-services-dba-emsi-reports-data-breach-exposing-confidential-information-of-542-990-consumers-302030348.html
- https://www.linkedin.com/in/daviddelapaz
- https://markets.businessinsider.com/news/stocks/electrostim-medical-services-inc-provides-notice-of-data-security-event-1032933424
- https://www.defensorum.com/data-breach-reports-by-electrostim-medical-services-meridian-behavioral-healthcare-and-network-180/
- https://colevannote.com/investigations/
- https://www.classaction.org/media/electrostim-medical-services-inc-data-breach-notice-letter.pdf
- https://cybermaterial.com/emsi-cyberattack-affects-543000-patients/
- https://www.wecontrolpain.com/devices
- https://www.idstrong.com/sentinel/healthcare-cyber-attack-half-a-million-records-stollen/
- https://www.idstrong.com/sentinel/essen-health-care-suffered-data-breach/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/
- https://www.classaction.org/media/heflin-v-electrostim-medical-services-inc.pdf
- https://www.wecontrolpain.com