None of 20,000 patients affected were ever notified of 911 computer breach

Information in Morrow County, Ohio emergency medical service networks was at risk in 2011 due to ports left open and malicious software.

The provider of EMS and 911 services -- Morrow County Firefighters and Squadsmen Association-- did not contact patients about the breach.   The reason being no data was compromised or lost, according to the association.

Teresa Staley, the 911 coordinator at the time of the incident, said she was fired by the association board in May 2012 because of co-workers’ allegations she “was not working.” She said the breach was discovered when the association was having voiceover capability installed on its computers.

“Personnel had noticed computers running slowly and other problems and the IT specialists discovered computer viruses, including Trojan viruses, in the system,” the Marion Star reports.

Staley said EMS did not know what information, if any, was accessed. At the time, information technology contractors told her: “You were breached. You need to let everyone who was transported know,’ because this involved the billing.”

Four ports on the 911/EMS computer system were left open from 2008 through 2011, making the system vulnerable, Staley said.

She said contractor personnel recommended alerting patients who had been served from 2008 through 2011.

Association officials said they didn’t remember the contractors suggesting that patients should be contacted.

“Morrow County Commissioner Tom Whiston, who was a commissioner at the time of the incident, said based on what he’s been told, a breach occurred that should have been reported to the patients and the U.S. Department of Health and Human Services,” the Marion Star reports.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.