An unauthorised third party gained access to the information through employee email accounts.
Nationwide physician-staffing company EmCare says a breach exposed personal data for about 31,000 patients, including in some cases their Social Security numbers and clinical information.
EmCare Inc. said on April 20, that an unauthorised third party gained access to the information through employee email accounts.
The company said that it learned Feb. 19 that the breach exposed names, dates of birth and Social Security and driver-license numbers for some patients, employees and contractors.
Company representative Aliese Polk said the breached employee email accounts contained personal information on fewer than 60,000 people, including about 31,000 patients.
The company, based in Plantation, Florida, says it doesn’t know if the personal information was taken, and there’s no indication it was used for fraud or identity theft.
EmCare said it began notifying affected people on April 19. It said it is taking additional security steps to prevent another breach, including giving employees more training about email security.
The company said it arranged for identity protection and credit-monitoring services for patients and employees whose Social Security or license numbers were exposed.
EmCare and competitors such as TeamHealth provide emergency room staffing and billing and other services for hospitals.
A Yale University study last year found that when EmCare gets a contract to run an emergency room, it often leaves insurance networks and then presents patients with surprisingly high out-of-network bills. EmCare described the study as flawed and dated.