On December 19, 2022, Medstar Mobile Healthcare (“Metropolitan Area EMS Authority dba MedStar Mobile Healthcare”) filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after a recent hacking incident targeting the company’s computer system compromised confidential information belonging to certain patients. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ protected health information. After confirming that patient data was leaked, Medstar began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you ever relied on services provided by Medstar Mobile Healthcare, it’s possible that your sensitive healthcare information is now in the hands of a criminal actor who hopes to use your information for their own benefit. As we’ve discussed in previous posts, cybercriminals have recently shown an increased interest in targeting healthcare providers due to the vast amount of sensitive information these companies maintain on behalf of patients. The information hackers obtain through a healthcare data breach such as this one can be used to commit a wide range of frauds, including healthcare identity theft. Therefore, it is essential that anyone who receives a Medstar data breach letter take all necessary steps to protect themselves from the potentially life-altering consequences of identity theft. Additionally, depending on the outcome of the pending investigation, affected patients may be able to pursue a data breach class action lawsuit against Medstar, if the evidence shows that the company was negligent in how it maintained or stored patient information.

What We Know So Far About the Medstar Mobile Healthcare Breach

The available information regarding the Medstar Mobile Healthcare breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”). However, the HHS-OCR data breach portal only provides limited information about the breach, and the company has not yet posted notice of the incident on its website or otherwise elaborated on what led up to the breach. Thus, information is currently quite limited.

However, we know that the breach involved a “hacking / IT incident” that targeted Medstar’s network servers. Additionally, because companies only need to file notice of a data breach with the HHS-OCR if the breach compromised individuals’ protected health information, it’s very likely that this breach involved information pertaining to patients’ healthcare.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Medstar Mobile Healthcare began to review the affected files to determine what information was compromised and which consumers were impacted.

On December 19, 2022, Medstar Mobile Healthcare sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the U.S. Department of Health and Human Services Office for Civil Rights, the Medstar data breach affected the personal information of 612,000 individuals across the country.

More Information About Medstar Mobile Healthcare

Medstar Mobile Healthcare MedStar Mobile Healthcare is the trade name for the Metropolitan Area EMS Authority (“MAEMSA”), an emergency and non-emergency ambulance service provider for 15 cities in Tarrant County, including Blue Mound, Burleson, Edgecliff Village, Forest Hill, Fort Worth, Haltom City, Haslet, Lakeside, Lake Worth, River Oaks, Saginaw, Sansom Park, Westover Hills, Westworth Village, and White Settlement. Medstar serves over 436 square miles and more than 1.1 million residents, responding to over 185,000 calls per year. Medstar was founded in 1986 and is based in Fort Worth, Texas. Medstar Mobile Healthcare employs more than 460 people and generates approximately $67 million in annual revenue.