The New York City Fire Department (FDNY) has disclosed a ‘data breach’ that took place in March 2019. Unlike other data breaches, which typically involve an unauthorized party exploiting a vulnerable network, the FDNY’s issue is the result of a lost hard drive. This drive, according to a statement published by New York City officials, belonged to an employee who was authorized to have access to the information.
The lost external personal hard drive contained information on more than 10,000 people who had been either transported or treated by the FDNY EMS, according to city officials. The information had been uploaded to the drive by an employee; it’s unclear whether the drive was encrypted.
In addition to the medical records, the FDNY says the hard drive contained the Social Security numbers of 3,000 patients, putting them at risk of identity theft. At this time, the FDNY says there is no evidence that the data on the hard drive has been compromised.
A total of 10,253 patients were potentially compromised by the lost hard drive. New York City officials are offering free credit monitoring to the 3,000 people whose Social Security numbers were located on the drive. Notifications were issued to the approximately 10,000 people collectively impacted by mail.
The medical records covered patients who had been transported or treated by FDNY from 2011 to 2018. Anyone potentially impacted by the data loss who has questions about the matter can contact officials using the toll-free number (877) 213 -1732.