News

Major security breach hits patients, firefighters

NOW PLAYING ABOVE

BELLEVUE, Wash. — Retailers have been in the spotlight recently for security breaches, but now, a major security breach is hitting medical patients and firefighters across Puget Sound.

A hacker managed to get into a server that stored the records of thousands of medical responses in three King County communities.

The North East King County Regional Public Safety Communication Agency, NORCOM, is working with local and federal agencies to investigate the breach and is reaching out to those possibly affected.

Duvall is among the affected communities.  The information for around 3,500 people needing medical care is now in the hands of a hacker, but the information obtained is what could be found on Facebook.

However, 40 firefighters in Duvall are on alert because their identities could very well be stolen.

Duvall Fire Chief David Burke is contacting 39 firefighters, including four current and others dating back to 2004, telling them their personal information may have been stolen.

"We don't know what the sole purpose of the breach was," said Burke.

NORCOM said “the preliminary investigation reveals the hacker broke the code of a highly complex password on a server.”

That server stored personal information for around 6,000 patients and more than 230 firefighters.

Those who are possibly affected are the Duvall and Skykomish Fire Departments as well as Snoqualmie Pass Fire and Rescue District 51.

The hacker may have patients’ address, date of birth and reason for calling for medical aid.

But the hacker may have even more information for first responders: social security numbers, driver’s license information and date of birth.

Burke said that in October, his department was in the process of moving personnel information to a new database when the hacker struck.

When asked what, if anything, he would have done differently, Burke admits the department could have done some things differently.

"We could have deleted some information that we weren't using and those types of things, but that still wouldn't have taken away from the threat to our patients because that information has to reside in that software," he said.

Burke said his department has already changed over all the personnel information to a new system.

The hacked server was not connected to the 911 computer systems, emphasizes NORCOM.

NORCOM designated an email and phone number for those who may be affected by the breach.The information hotline number is 425-646-8011. The email is hotline@norcom.org.

Those who may be affected by the breach can contact the three credit reporting agencies to place a fraud alert on their accounts.  Contact information for credit bureaus are Experian at 1-888-397-3742; Equifax at 1-800-525-6285 and TransUnion at 1-800-680-7289.

0