The FDNY admitted Friday that an employee’s personal hard drive was ripped off and thousands of EMS patients may have had their information compromised — five months after learning of the theft.
The theft affected 10,253 people who were treated or taken to the hospital by FDNY EMS ambulance between 2011 and 2018 — including 2,988 whose social security numbers might have been exposed, the FDNY said.
“This was not a hacking, but a loss of data caused by one employee’s failure to follow the department’s data security policies,” said fire department spokesman Myles Miller.
The department learned on March 4 that an employee’s personal, unencrypted external hard drive was missing from an FDNY facility.
The device contained thousands of pieces of “protected health information” and “belonged to an employee authorized to access FDNY patient information,” the agency said.
The FDNY chalked up its delay in notifying at-risk members of the public to a probe it was conducting to “determine whether any patient data was involved, and then to also identify each and every patient whose [protected health information] was involved,” according to the letter.
The employee is now the subject of an internal investigation and faces disciplinary measures.
A department spokesperson would not say when the device was stolen, or from which facility.
The hard drive contained confidential information provided by 911 callers — such as name, address, telephone number, date of birth, insurance number, health condition and, in some cases, Social Security number.
“A patient care report is created by the FDNY for each emergency call to which an ambulance responds,” the fire department explained in a letter sent Friday to all victims of the data breach.
The letter further detailed what happened, what personal information was jeopardized and what further steps would be taken by the department.
“There is no indication that information stored on the device has been accessed, but FDNY has chosen to err on the side of caution and treat this incident as though the information may have been seen by an unauthorized individual or individuals,” the letter reads. “That is the reason that you are receiving this Notice.”
The fire department is offering free credit monitoring to all people whose Social Security numbers were compromised.
The department is retraining all employees who handle patients’ medical data.
Patients with questions are urged to call (877) 213-1732 between 9 a.m. and 9 p.m.
Click Here: watford football shirts