DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

N.J. volunteer EMS agency says patient data was breached

Posted on December 23, 2021 by Dissent

Leila Merrill reports:

A volunteer EMS agency in New Jersey says in a news release that patient data in New Jersey was breached, and it has requested formal hearings in the state Senate and Assembly Health Committees.

The Lincoln Park First Aid Squad, also known as Lincoln Park EMS, announced that it and other squads that are part of the EMS Council of New Jersey 17th and 18th Districts, inadvertently found that the state health department’s office of EMS gave the New Jersey State Police’s Fatal Accident Reporting System access to an electronic medical records system used by ambulance services throughout New Jersey. This is said to be an administrator access, which is high-level, without oversight, and includes access to medical records.

Read more at EMS1

A key part of the press release says:

Federal HIPAA regulations require the Squad to report to the U.S. Department of Health and Human Services any instances in which medical records were accessed without proper authorization. The Squad, through its attorneys Keavney & Streger, LLC, contacted Dr. Terry Clancy, Director of the Office of EMS, to obtain information and determine the nature and scope of the medical records accessed. Rather than provide details to facilitate the investigation, Director Clancy responded that this was normal business under a separate data sharing agreement which has strict limits on the type of information accessible related to opioid overdoses. Instead, this appeared to be a completely new granting of blanket access to any medical record without controls. Rather of answering these reasonable questions, the Squad and its members were threatened with discipline for pausing data sharing with the State to ensure privacy protections during the investigation.

The Squad contacted Commissioner Judith Persichilli with these concerns, but no reply whatsoever was received to that request. As a result, the Squad has requested formal hearings on this topic in the Senate and Assembly Health Committees.

So if this was an accidental misconfiguration that allowed access, you’d think the state would issue a statement and investigate and notify properly. Instead, it sounds like the squad feels they are being stonewalled or lied to. Was this legitimate and permissible access or not? If the state won’t investigate, maybe HHS OCR will.

Related posts:

  • FTC Announces Hearings On Competition and Consumer Protection in the 21st Century
Category: Commentaries and AnalysesExposureHealth DataU.S.

Post navigation

← Massive data breach exposes wage and personal info of more than 637,000 Albanian residents
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.