Three fire departments in King County, Washington, are among the latest to have their protected health information hacked, as emergency medical services continue to be targeted. During the past couple of years, dozens of local Fire/EMS departments have been hacked across the nation.

In Washington, the North East King County Regional Public Safety Communication Agency (NORCOM) has reported the breach of a server that stored data on an estimated 6,000 medical responses for Duvall Fire District 45, Skykomish Fire Department and Snoqualmie Pass Fire & Rescue (Fire District 51). What’s not clear yet, however, is whether protected information has actually been accessed, says Tom Orr, executive director at NORCOM. Nor is it known when the hacking occurred; an I.T. staffer discovered it on Dec. 24, he adds.

The Bellevue Police Department and Secret Service continue investigating the incident. The hacked server, no longer in service, was not connected to the regional 911 computer system. A preliminary investigation finds patient data on the server included name, address, date of birth, nature of the call and initial medical condition. But data on 231 full-time and volunteer firefighters also was compromised, including driver license information, date of birth, Social Security number, emergency contacts and limited medical information.

Files in the hacked server were in a format that could not be opened and read without a high level of technological sophistication, Orr says. NORCOM is implementing several security improvements, such as enhanced firewall and anti-virus software that he says already was very good, and the speeding up of already planned implementation of an intrusion detection and prevention system that can spot suspicious activity outside the firewall. The organization also is looking at encryption, but there remain complexities in the 911 world of shared data that have to worked out, Orr notes.

Under an abundance of caution, notificiations to affected individuals have begun and preliminary contacts have been made to the HHS Office for Civil Rights, Orr says. He does not yet know how many individuals may be affected, as there likely are duplicate files for many patients out of the 6,000 medical responses that were in the server. Until more information is known, NORCOM hasn’t yet considered whether protective services will be offered to affected individuals, he adds.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access