An investigation by the City of Dallas has found that a small number of Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances became unaccounted for between Jan. 1, 2011 and Aug. 29, 2014.
On Aug. 15, 2014, the City determined that one of the software applications on these EMS laptops was not properly protected. If the EMS laptop used during a patient’s treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patient’s name, age and gender, may have become accessible to an unauthorized person(s).
The City is reporting this situation to the U.S. Department of Health and Human Services (HHS) and to individuals whose protected health information is at risk of unauthorized disclosure. Identities of some of the patients transported or attended to by EMS paramedics whose health information may have been exposed cannot be readily identified. Therefore, notifications will be published in print publications, online and via first-class mail.
The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops. Once the risks have been identified, actions will be implemented to prevent such events from recurring.
