FDNY EMS notifies over 10,000 patients of data breach that occurred in March 2019

• The incident occurred due to the loss of a personal hard drive.
• The department came to know about the incident on March 4, 2019.

The Fire Department of New York (FDNY) has notified a total of 10,253 patients of a data breach that took place in March 2019. The incident occurred due to the loss of a hard drive.

What happened?

According to a statement published by New York City officials, the hard drive belonged to an employee who was authorized to have access to the department’s sensitive information. The department came to know about the loss on March 4, 2019.

The lost external personal hard drive contained medical information on more than 10,000 patients who are associated with the FDNY EMS. Apart from medical information, the FDNY said the hard drive contained Social Security numbers of 3,000 patients.

During the investigation, it was determined that the missing hard drive was unencrypted, which might allow an unauthorized individual to access the information.

However, the FDNY report claims that there is no evidence to date if the stored data on the personal device has been accessed.

Who is impacted?

The 10,253 patients affected are those who were either treated or transported by EMS during the period from 2011 to 2018.

What data was contained in the hard drive?

In the notice, FDNY disclosed that the hard drive contained names, addresses, gender, telephone numbers, birth dates, insurance information numbers and health information of patients.

What has been done?

Patients who have had their Social Security numbers compromised are being offered free credit monitoring services. The FDNY is following the Health Insurance Portability and Accountability Act (HIPAA) of 1996 guidelines to notify the affected people.