Dallas Fire-Rescue Emergency Medical Services Data Breach (2011)

Over a period of approximately three years, a small number of laptops have gone missing from ambulances in the Dallas area. The laptops in question disappeared between January 1, 2011, and August 29, 2014, according to the Dallas Morning News, and reportedly contained patient information. Dallas City Hall stated that Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances became unaccounted for in the three-year period. Additionally, on Aug. 15, 2014, it was discovered that one of the software applications on the EMS laptops was not properly protected. If the EMS laptop used during a patients treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patients name, age and gender, may have become accessible to an unauthorized person(s), explained a press release from the city of Dallas. Dallas reported the incident to the US Department of Health and Human Services (HHS) and also contacted individuals whose PHI is potentially at risk, according to the release. Due to some of the patients unable to be readily identified, the statement explained that notifications will be published in print publications, online and via first-class mail. The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops, the statement read. Once the risks have been identified, actions will be implemented to prevent such events from recurring. The release did not specify how many laptops were missing or how the breach exactly occurred.