More than 10,000 patients who were treated by the New York Fire Department Emergency Medical Services may have had their personal information compromised after an employee lost the hard drive containing the patients’ files.
The incident happened in March 2019 according to the statement of the Fire Department. However, patients were only notified of the incident only this week, warning about the higher potential of fraudulent attacks.
The AP News reports that the data in the hard drive contains names, addresses, telephone numbers, insurance names, health details and some social security numbers.
In the statement, it is said that the agency employee stored the data in a personal hard drive then reported it missing in March. Patients who availed of ambulance services from 2011 to 2018 are among the affected people in this incident.
“This was not a hacking, but a loss of data caused by one employee’s failure to follow the department’s data security policies,” clarified spokesperson Myles Miller.
Five months after the incident, FDNY admitted that thousands of patients’ records may be compromised. According to the department, the external hard drive went missing from the FDNY facility and that the employee has accessed to the patient information.
In addition, the department clarifies there is no reported evidence that shows the information from the hard drive has been accessed. However, the department has been treating it a serious threat and is doing its job to ensure that no former patient can be affected by this incident.
According to Cnet.com, the FDNY is also offering free credit monitoring to 3,000 patients who may have had their social security numbers compromised. People who are notified about the incident can coordinate with the department to check on possible ways to avoid problems concerning their social security numbers.
Personal health information
The chief medical director of the FDNY Glenn Asaeda said that personal health information of 10,000 patients is included on the lost hard drive. Asaeda explained that this information indicates the reason for a person to call an ambulance, treatment done on a certain patient as well as the patient care report.
In short, all the medical-related files of a person are in that hard drive which contains sensitive information about the patient.
The employee who lost the hard drive is now under investigation and faces disciplinary measures.