Healthcare provider DocGo says cyber incident compromised patients' personal data

New York-based healthcare services provider DocGo said it experienced a cyber security incident that compromised patients’ sensitive personal information.

 

Headquartered in New York, DocGo provides mobile health services, ambulance services, and remote monitoring for patients in 26 U.S. states and in the United Kingdom.

 

In an 8-K filing with the U.S. Securities and Exchange Commission, DocGo said that it “recently identified a cybersecurity incident involving certain of the Company’s systems.” 

 

Immediately after identifying the incident, the company launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident, took steps to contain the spread of the attack and notified relevant law enforcement.

 

“As part of its investigation, the Company has determined that the threat actor accessed and acquired data, including certain protected health information, from a limited number of healthcare records within the Company’s U.S.-based ambulance transportation business,” the company said in its SEC filing.

 

DocGo has assured customers that no other line of business was impacted by the cyber attack. The healthcare service provider added that it found no evidence of “continued unauthorised activity on its systems” and said that the incident has been contained.

 

While the company did not state the number of affected individuals or the nature of the compromised data, it is in the process of notifying affected individuals.

 

“To date, the cybersecurity incident has not had a material impact on the Company’s operations, and the Company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations,” it added.