The Fire Department this week notified more than 10,000 patients whom the FDNY EMS had previously treated and or transported that their personal information may have been compromised by a loss of an agency employee’s personal external hard drive last March.
The employee, who was authorized to access the records, had uploaded the information onto the personal external device, which was reported missing.
Although there is no evidence to date that any of the information stored on the personal device has been accessed, the FDNY is treating the incident as if the information may have been seen by an unauthorized person. FDNY has notified the impacted patients. Further, 3,000 patients whose social security numbers may have been compromised are being offered free credit monitoring.
The 10,253 patients who were notified this week by mail of the data breach were all treated and or transported by EMS during the period from 2011 to 2018.
The FDNY is following the Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines in notifying all persons whose information may have been compromised. Patients can call toll-free (877) 213 -1732 between the hours of 9:00 a.m. — 9:00 p.m. if they have any questions about the breach or if they think their personal information was included in this breach.
Attached: A copy of the letter (PDF)