#USA #Data Security #patient privacy #MedEx Ambulance #Skokie, Illinois

MedEx Ambulance's Data Security Incident: Key Information and Response

Introduction
On April 18, 2025, MedEx Ambulance, operating as Medical Express Ambulance Inc., publicly disclosed a significant data security incident. This unfortunate event potentially compromised sensitive data, including patient health and employee personal information. While the integrity of service delivery remained intact, the company aims to keep stakeholders informed about the incident, the responses initiated, and the resources available to those affected.

What Occurred?

On March 18, 2024, a network disruption was identified within MedEx that hindered access to certain operational systems. Promptly responding to this cybersecurity threat, the company severed all network connections and engaged a specialized third-party cybersecurity firm and IT professionals. This team was tasked with conducting a thorough forensic investigation to determine the incident's nature and scope. Initial findings indicated that unauthorized access to personal information might have occurred.

Investigation Overview
Following the disruption, MedEx undertook a meticulous analysis of the compromised data to discern any sensitive personal information (PII) or protected health information (PHI). A third-party vendor was employed to carry out a comprehensive review of the data. Given the complexity of the data, this process involved multiple phases—both automated and manual—to ensure an accurate understanding of the data compromise.

By March 3, 2025, MedEx enlisted another third-party vendor to manage communications regarding the incident, including mailings and providing identity theft protection services to those whose sensitive information was potentially impacted. By March 19, the company finalized the list of individuals that needed notification.

Type of Information Involved

The nature of the information affected varied among individuals. However, preliminary investigations have shown that the following data categories may have been compromised:

• - Names and dates of birth
• - Demographic and contact information
• - Social Security Numbers
• - Driver's license and state ID numbers
• - Medical records and health insurance details
• - Financial information
• - Usernames and passwords
• - For some individuals, passport details

It is crucial to note that not all impacted individuals will have experienced the same type of data exposure. In response to the breach, MedEx has extended complimentary credit monitoring and identity theft recovery services to affected individuals, who were informed by mail with detailed enrollment instructions.

Actions Taken by MedEx

MedEx has underscored that data privacy and security remain top priorities. In response to the incident, the company has rapidly implemented several measures, including:

• - Engaging specialized cybersecurity experts to further secure the network
• - Changing administrative credentials company-wide
• - Notifying law enforcement authorities about the breach
• - Enhancing existing network security protocols to prevent future incidents
• - Disconnecting all current system accesses to safeguard sensitive data
• - Conducting an organizational credential reset of all users
• - Overhauling and reinforcing current security architectures
• - Upgrading data management software for enhanced protection

These actions demonstrate MedEx’s commitment to data protection and the urgency with which it has approached this incident.

Protecting Yourself

Amidst this breach, MedEx urges individuals to stay vigilant regarding potential identity theft. It is recommended to:

• - Regularly review account statements for unauthorized transactions
• - Check credit reports for unusual activities
• - Contact financial institutions and credit reporting agencies to flag the breach and follow recommended protective actions, which may include placing a fraud alert on credit files.

Thus far, MedEx has not received any reports concerning the misuse of personal health data linked to this incident.

Further Assistance

For individuals with additional questions or concerns not addressed in this notice, MedEx encourages direct inquiries to their support line at 855-659-0097, available Monday to Friday from 9 AM to 9 PM Central Time, excluding holidays.

Conclusion
MedEx Ambulance deeply regrets any inconvenience this situation may cause and reaffirms its commitment to safeguarding the personal and health information of its patients and employees. Continuous improvement in data security practices will remain an organizational focus to enhance trust and protect all sensitive data entrusted to the company.