Thousands of patients who have been treated or transported by the FDNY EMS in recent years were notified last week that their personal information may have been breached.
10,253 patients who were treated between 2011 and 2018 received a letter from the FDNY explaining that that an employee had copied personal information from thousands of calls onto a personal hard drive, which was then reported missing.
The FDNY admits they were notified of the lost hard drive in March, but say that they reacted by launching “an expansive investigation which took several months” to determine first whether any patient data was compromised, and then to identify every patient whose information was involved.
The FDNY’s letter told patients that the data includes names, gender information, dates of birth, addresses, telephone numbers, insurance information numbers and health information provided as the reason for the ambulance call, all of which is part of the record the FDNY creates for every call, and which the employee had copied onto the hard drive which is now unaccounted for.
There is no evidence to date that this information has been accessed by anyone outside the department, but the risk cannot be ruled out.
3,000 patients whose social security numbers may have been compromised have received an offer from the FDNY for free credit monitoring.