Blog

EMS Cybersecurity Insights & Resources

All 45 cfr 164 308 Access control Ach fraud prevention Ambulance Authentication BAA Bec healthcare Bed status Biometrics Body camera Business email compromise Cad logs Certificate based authentication Chain of custody Ciso Clinical continuity Compliance Cradlepoint Cve 2026 41940 Cyber insurance De identification Dispatch center security Dual approval workflow Ed notification EMS Ems billing security Ems cybersecurity Ems data Ems security ePCR Epcr data security Epcr offboarding Epcr security Ephi Eso Fire department Firstnet Fleet automation Foia HIPAA Hipaa compliance Hipaa compliant messaging ems Hipaa risk analysis Hospital Hosting Imagetrend Incident response Incident response panel Incident response plans Insider threat Knox box Mdm Mdt sanitization MFA Mfa warranty Micro segmentation Mobile messaging policy fire department NEMSIS Nemsis v3 Network security Nist 800 88 Ocr review Ocr sms guidance Operational chatter phi Operational security Passive reconnaissance Personal devices PHI Phi exposure Pre plan security Psap Public records Public safety Ransomware Ransomware sublimit Re identification risk Revenue cycle management security Runbook Safe harbor Scene photos Shared passwords Sierra wireless Sms hipaa violation Social engineering Social media Third party risk Training videos Vendor risk Verification protocols Vishing Volunteer fire department Web security Wpa2 enterprise Yubikey Zero touch provisioning Zero trust Zoll

Crew Phones and Social Media at the Scene: A HIPAA Framework Built for Reality

A practical HIPAA framework for EMS agencies managing crew phone photos, social media posts, and scene documentation on personal devices. No blanket bans, just real workflows.

HIPAAEMSPersonal devicesScene photosSocial mediaDe identification

May 28, 2026

Public Records Security: What To Never Release

A public safety security review: what records adversaries request, the statutory exemptions, and a review process every agency needs.

Public recordsFoiaCad logsOperational securityPassive reconnaissanceIncident response plans

May 27, 2026

Cyber Insurance for Small EMS and Volunteer Fire Services — The Clauses That Matter

What the policy clauses, MFA warranties, ransomware sublimits, and IR panel restrictions actually mean for small EMS and volunteer fire departments.

Cyber insuranceMfa warrantyRansomware sublimitIncident response panelEms securityVolunteer fire department

May 26, 2026

The Offboarding Gap That Leaves ePCR Access Open for Days

The gap between HR termination and ePCR access revocation in EMS agencies. How ImageTrend, ESO, and Zoll sessions stay alive and the same-day checklist that kills them.

Epcr offboardingImagetrendEsoZollHIPAAInsider threat

May 25, 2026

BEC Against EMS Billing: The ACH Form That Costs Six Figures

EMS agencies lose six figures to BEC attacks on billing staff. Here is how the ACH change form scam works and the dual-approval workflow that stops it.

Business email compromiseEms billing securityAch fraud preventionDual approval workflowRevenue cycle management securityBec healthcare

May 24, 2026

Social Engineering the Dispatch Center: Attack Scenarios and Verification Protocols

Three realistic social engineering attacks targeting public safety dispatch centers and the verification protocols that stop them.

Dispatch center securitySocial engineeringVishingPsapPublic safetyVerification protocols

May 23, 2026

Retiring MDTs: NIST 800-88, True Wipes vs. Factory Reset, and HIPAA Audit Proof

How NIST 800-88 applies to retiring EMS tablets, why factory resets leave PHI exposed, and the documentation needed for a HIPAA audit.

Mdt sanitizationNist 800 88Hipaa complianceEpcr data securityChain of custodyEms cybersecurity

May 22, 2026

Pre-Plan Security: The PHI-Adjacent Data Most Fire Departments Leave Unlocked

Alarm codes, Knox box combinations, occupant medical conditions, and hazmat locations live in your pre-plan system with weaker access controls than your ePCR. Here is the fix.

Pre plan securityKnox boxPHIFire departmentAccess controlMFA

May 21, 2026

The Texting Problem: When SMS Between Crews Becomes a HIPAA Issue

When does SMS between EMS crews cross from operational chatter into a HIPAA violation? Direct guidance on OCR rules, secure messaging policy, and what a defensible mobile policy looks like.

Sms hipaa violationHipaa compliant messaging emsMobile messaging policy fire departmentOcr sms guidanceOperational chatter phi

May 20, 2026

NEMSIS Data Submission and PHI Exposure — What Your Vendor Sends and Why You Should Verify It

Your ePCR vendor transmits full PHI through the NEMSIS V3 pipeline. The narrative field is an unguarded re-identification risk most agencies never audit. Here is how to validate the payload.

Nemsis v3Phi exposureEpcr securityEms dataHipaa complianceRe identification risk

May 19, 2026

The HIPAA Risk Analysis That Holds Up Under OCR Review

OCR expects a risk analysis that maps threats to vulnerabilities, not a generic compliance checklist. Here is what 45 CFR 164.308(a)(1)(ii)(A) actually requires and how to build it for your EMS agency.

Hipaa risk analysisOcr review45 cfr 164 308Ems securityEphiCompliance

May 18, 2026

Building an Incident Response Plan That Survives Contact With a Real EMS Cyber Incident

Generic IT incident response plans fail in EMS. Build a plan that accounts for clinical continuity, dispatch, NEMSIS, and the 2 a.m. runbook.

Incident responseRansomwareEMSClinical continuityNEMSISRunbook

May 13, 2026

Beyond the Password: Moving EMS to Identity-Based Security

Shared passwords fail HIPAA requirements for unique user identification. WPA2-Enterprise and certificate-based authentication close the gap.

Wpa2 enterpriseCertificate based authenticationEMSHIPAAShared passwordsMdm

May 12, 2026

MFA for the Ambulance: Why Just Use a YubiKey Isnt the Answer

YubiKeys, SMS codes, and authenticator apps fail in the field. Here is a layered MFA approach designed for the back of an ambulance.

MFAAuthenticationEMSHIPAAYubikeyBiometrics

May 11, 2026

PHI in Training Videos: The HIPAA Exposure Most Agencies Miss

Body-cam footage, QA clips, and training videos contain invisible PHI. Most agencies fail Safe Harbor. Here is a defensible workflow.

HIPAAPHIBody cameraTraining videosDe identificationSafe harbor

May 10, 2026

Vendor Risk Management for Small EMS Agencies Without a CISO

How to manage vendor risk for a small EMS agency without a CISO. A lean 80-20 approach focusing on the vendors that handle PHI and keep the trucks running.

Vendor riskEMSHIPAABAACisoThird party risk

May 9, 2026

When the Ambulance Is the Endpoint: Zero Trust for the Rig

An ambulance is a mobile data center. Here is how to apply zero trust principles to secure the modem, tablet, monitor, and camera without breaking clinical workflow.

Zero trustAmbulanceEMSePCRNetwork securityMicro segmentation

May 8, 2026

Scaling 100 Trucks: Automation Strategies for Fire and EMS IT

How to deploy and manage 100 connected EMS vehicles using cloud management consoles, variable-driven templates, and MDM without manual per-truck setup.

CradlepointSierra wirelessMdmFirstnetZero touch provisioningFleet automation

May 7, 2026

The cPanel Bug That Compromised Thousands of Sites and Why Your Agency Should Care

CVE-2026-41940 in cPanel has compromised thousands of servers. Here is why your fire or EMS agency needs to check its hosting provider and what to ask.

Fire departmentRansomwareCve 2026 41940Web securityEMSHosting

May 6, 2026

Ransomware Hit the Hospital: The EMS Dependency Map Nobody Draws

When ransomware hits a hospital, EMS operations take a direct hit too. Here is the dependency map most agencies have not drawn and what to do about it.

RansomwareHospitalEMSePCREd notificationBed status

May 5, 2026