TEMPLE TERRACE, Fla. – EMS Management and Consultants, Inc. (EMS|MC) recently notified the City of Temple Terrace Fire Department of an incident that involved information related to certain patients treated and/or transported by the Department.
On May 31, 2023 Progress Software Corp. publicly disclosed that its MOVEit Transfer tool had been compromised. This compromise potentially impacted millions of individuals across the country.
The City’s billing services provider, EMS|MC, is a user of that tool. That company moved quickly to patch the tool and undertook recommended mitigation steps.
In the news: Temple Terrace Man Suffers Medical Emergency, Crashes Into Georgia Woman On I-75
- EMS|MC promptly launched an investigation, with the assistance of EMS|third-party cybersecurity specialists, to determine the potential impact of the incident.
- EMS|MC’s investigation determined that an unknown actor accessed the
- EMS|MOVEit Transfer server on May 30, 2023, and took certain data from the server during that time.
- EMS|MC then engaged a third-party data analysis firm to perform a
- EMS| detailed review of the involved data to understand the contents of that data and to whom it relates. Through this review EMS|MC learned that approximately 700 Temple Terrace patients’ information was included within the data.
While EMS|MC is unaware of any misuse of information in relation to the incident, it is providing potentially affected individuals with steps they may take to help protect their information should they feel it is necessary to do so.
EMS|MC recently mailed letters to the affected individuals for whom they have valid mailing addresses.
According to EMS/MC, impacted information for Temple Terrace includes name, date of service, medical treatment location (destination hospital), and medical record number. An earlier letter from EMS/MC erroneously stated that dates of birth and social security numbers were also involved, but this information was found to be incorrect. A revised letter is forthcoming.
In response to the Tampa Free Press, MOVEit pointed us to a statement explaining in full, the actions that were taken.
“We have not seen any evidence that the vulnerability reported on June 15 has been exploited. Taking MOVEit Cloud offline for maintenance was a defensive measure to protect our customers and not done in response to any malicious activity. Because the new vulnerability we reported on June 15 had been publicly posted online, it was important that we take immediate action out of an abundance of caution to quickly patch the vulnerability and disable MOVEit Cloud
“Our product teams and third-party forensics partner have reviewed the vulnerability and associated patch and have deemed that the issue has been addressed. This fix has been applied to all MOVEit Cloud clusters and is available for MOVEit Transfer customers.
“A third party publicly disclosed a vulnerability impacting MOVEit Transfer and MOVEit Cloud in a way that did not follow normal industry standards, and in doing put our customers at increased risk of exploitation. Because it is common across the industry that reported vulnerabilities lead to increased attention from both malicious threat actors and cybersecurity researchers trying to uncover new vulnerabilities, we are working closely with our industry partners to take all appropriate steps to address any issues,” said Progress.com.
The full statement can be read here.
Interested individuals can find additional information about the event and how they can help protect their personal information at www.emsbilling.com/notice.
They may also contact a toll-free call center dedicated to responding to inquiries about this incident at 833.318.2801, reference code B100189.
We can’t do this without your help; visit our GiveSendGo page and donate any dollar amount; every penny helps