The employee was authorized to access the medical records, and the device was reported missing March 4. FDNY launched an investigation into the incident and concluded there is no evidence that any of the 10,253 patients’ information that was stored on the device has been inappropriately accessed. However, the device was unencrypted, which “might allow the information it contained to be accessed by an unauthorized individual,” according to the news release.
Patients who were affected by the breach were either treated or transported by EMS from 2011-18. The department is providing free credit monitoring to 3,000 patients whose Social Security numbers may have been compromised.
“In light of this incident, FDNY has retrained employees with high-level access to [private health information] about FDNY HIPAA Privacy and Security Polices that all FDNY personnel must follow or be subject to sanctions,” said Glenn Asaeda, MD, FDNY chief medical director, according to the news release.
More articles on cybersecurity:
Hackers demand more than $1M in bitcoin from Washington hospital
Renown Health thumb drive with patient information reported missing
Former Lehigh Valley patient claims physician inappropriately accessed his medical records
