SKOKIE, Illinois, April 18, 2025 /PRNewswire/ -- Medical Express Ambulance Inc., operating under the name MedEx Ambulance, has recently reported a significant data security incident that may have led to unauthorized access to sensitive information including patient health records and employee personal details. Although the company assures that the incident did not severely hinder their ability to provide care to patients, they are taking proactive steps to inform affected individuals, address the situation, and offer resources to safeguard against potential misuse of the compromised data.

The incident occurred on March 18, 2024, when MedEx experienced an unexpected disruption to its network, which affected the functionality and accessibility of certain critical systems. Upon identifying the issue, MedEx acted promptly by disconnecting all access to their network. They engaged a specialized third-party cybersecurity firm alongside their IT personnel to secure their systems and conduct a thorough forensic investigation to ascertain the nature and extent of the breach. Preliminary findings from this investigation indicated that the personal information of some individuals may have been accessed by the perpetrator.

In light of these findings, MedEx initiated a detailed analysis of the compromised data to identify any sensitive personal information (PII) or protected health information (PHI) that could have been exposed. This data mining effort required engagement with a third-party vendor to methodically review the compromised data, a process that proved to be complex due to the various types and volume of information involved. By March 3, 2025, MedEx had recruited a third-party notice vendor to assist in mailing notifications, managing a call center, and providing identity theft protection services to those affected by the incident. Following this, MedEx verified patient information and addresses for notifications, completing their list of individuals to notify by March 19, 2025.

The scope of the information potentially exposed in the breach varied for each affected individual. According to the investigation, unauthorized access may have included a range of sensitive information such as names, dates of birth, demographic details, Social Security numbers, driver's license numbers, state identification numbers, medical and financial information, health insurance details, usernames and passwords, and, for a limited number of individuals, passport information. Importantly, the specifics of the compromised data differ for each individual, and as a precautionary measure, MedEx has provided those impacted with complimentary credit monitoring and identity theft restoration services. Affected individuals have been notified through the mail with instructions on how to enroll in these services.

In response to this incident, MedEx has underscored its commitment to data privacy and security, which are among its highest priorities. The company has implemented a series of extensive measures designed to protect the information in its custody. Following the incident's discovery, MedEx promptly engaged a third-party cybersecurity firm, altered administrative credentials, notified law enforcement, and made ongoing enhancements to its network security protocols to prevent recurrence of such incidents. Additional actions taken by MedEx include disconnecting all network access, performing an organization-wide reset of user credentials, restructuring security systems, and upgrading their data management software to ensure stronger protection.

As a precaution, MedEx encourages individuals to remain vigilant against identity theft and fraud. They advise affected individuals to review account statements carefully, monitor credit reports for any suspicious activities, and alert their financial institutions and major credit bureaus about the breach. Recommendations also suggest the placement of a fraud alert on credit files as an additional precaution. At this time, MedEx reports that they have not received any notifications regarding misuse of personal health information since the incident.

For those who may have further questions regarding this incident or the steps being taken, MedEx has made a dedicated hotline available at 855-659-0097, operational Monday through Friday, from 9:00 A.M. to 9:00 P.M. Central Time, excluding holidays.

MedEx Ambulance sincerely regrets any inconvenience or concern this incident may cause and remains committed to safeguarding the privacy and security of all information under its stewardship.

Sincerely,
MedEx Ambulance Service