In a significant data security incident, Medical Express Ambulance Inc., commonly known as MedEx, has disclosed that unauthorized access to sensitive patient health and employee personal information might have occurred. The announcement was made on April 14, 2025, as part of their commitment to transparency and customer protection.
"While this incident did not significantly impact our ability to serve our patients, this posting is intended to provide notice of the incident, steps we are taking in response to the incident, and resources available to help you protect against the potential misuse of information," said a representative from MedEx.
The breach was first detected on March 18, 2024, when MedEx experienced a disturbance in their network that hindered the functionality and access of several critical systems. In response, the ambulance service acted quickly, disconnecting all network access and enlisting the help of a specialized third-party cybersecurity firm to assess the situation and implement security measures.
"The forensic investigation determined that personal information may have been acquired by the threat actor," the MedEx representative confirmed. Following this discovery, the company initiated an analysis to uncover any sensitive Personal Identifiable Information (PII) or Protected Health Information (PHI) that might have been compromised.
"The forensic investigation determined that personal information may have been acquired by the threat actor,"
Impact and Legacy
To assist in this process, MedEx engaged a vendor to thoroughly review the affected data, which proved to be complex due to its volume and the variety of information involved. As of March 3, 2025, a third-party notice vendor was brought on board to facilitate communications and provide identity theft protection services to those whose information might have been impacted. By March 19, the final list of individuals to notify was established.
By the Numbers
Potentially affected information varies for each individual, but MedEx outlined that it may include names, dates of birth, demographic data, Social Security numbers, driver's license numbers, medical and financial information, health insurance details, usernames and passwords, and in certain cases, passport information. The company stated, "Affected individuals have been notified by mail with enrollment information for complimentary credit monitoring and identity theft restoration services."
Looking Ahead
MedEx recognizes that data privacy is paramount and has taken swift action to secure their systems. "Data privacy and security are among MedEx’s highest priorities," the representative emphasized. Measures taken include enhancing network security, performing a comprehensive investigation, notifying law enforcement, and restructuring user access controls to prevent future breaches.
"Data privacy and security are among MedEx’s highest priorities,"
To further bolster their defenses, MedEx reset administrative credentials, disconnected network access, and updated their data management software. These extensive security initiatives reflect the company's dedication to protecting sensitive data moving forward.
In light of the breach, affected individuals are urged to stay vigilant against identity theft. "We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity," advised the MedEx representative. Security analysts recommend that individuals notify their financial institutions and major credit bureaus to take necessary protective measures such as placing fraud alerts on credit files.
"We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity,"
MedEx has also set up a dedicated helpline for individuals with questions regarding this incident. "If you have additional questions, please call 855-659-0097, Monday through Friday, 9:00 A.M. to 9:00 P.M. Central Time, except holidays," said the representative.
The company expressed regret over the incident, emphasizing their ongoing commitment to protecting the privacy and security of all information within their control.
As MedEx Ambulance continues to address the aftermath of this breach, further measures are likely to be taken to restore public confidence and safeguard against future incidents.