Cybersecurity advisory built for EMS and Fire agencies. Protect operations, ensure compliance, and stay prepared for real-world cyber threats. https://www.ironrodsecurity.com/blog Thu, 28 May 2026 00:30:30 GMT en-us A public safety security review: what records adversaries request, the statutory exemptions, and a review process every agency needs. https://www.ironrodsecurity.com/blog/public-records-security-what-to-never-release https://www.ironrodsecurity.com/blog/public-records-security-what-to-never-release Wed, 27 May 2026 00:17:57 GMT Steven Carlson Public Records Foia Cad Logs Operational Security Passive Reconnaissance Incident Response Plans What the policy clauses, MFA warranties, ransomware sublimits, and IR panel restrictions actually mean for small EMS and volunteer fire departments. https://www.ironrodsecurity.com/blog/cyber-insurance-for-small-ems-and-volunteer-fire-services-the-clauses-that-matte https://www.ironrodsecurity.com/blog/cyber-insurance-for-small-ems-and-volunteer-fire-services-the-clauses-that-matte Tue, 26 May 2026 00:16:17 GMT Steven Carlson Cyber Insurance Mfa Warranty Ransomware Sublimit Incident Response Panel Ems Security Volunteer Fire Department The gap between HR termination and ePCR access revocation in EMS agencies. How ImageTrend, ESO, and Zoll sessions stay alive and the same-day checklist that kills them. https://www.ironrodsecurity.com/blog/the-offboarding-gap-that-leaves-epcr-access-open-for-days https://www.ironrodsecurity.com/blog/the-offboarding-gap-that-leaves-epcr-access-open-for-days Mon, 25 May 2026 01:12:23 GMT Steven Carlson Epcr Offboarding Imagetrend Eso Zoll Hipaa Insider Threat EMS agencies lose six figures to BEC attacks on billing staff. Here is how the ACH change form scam works and the dual-approval workflow that stops it. https://www.ironrodsecurity.com/blog/bec-against-ems-billing-the-ach-form-that-costs-six-figures https://www.ironrodsecurity.com/blog/bec-against-ems-billing-the-ach-form-that-costs-six-figures Sun, 24 May 2026 00:12:48 GMT Steven Carlson Business Email Compromise Ems Billing Security Ach Fraud Prevention Dual Approval Workflow Revenue Cycle Management Security Bec Healthcare Three realistic social engineering attacks targeting public safety dispatch centers and the verification protocols that stop them. https://www.ironrodsecurity.com/blog/social-engineering-the-dispatch-center-attack-scenarios-and-verification-protoco https://www.ironrodsecurity.com/blog/social-engineering-the-dispatch-center-attack-scenarios-and-verification-protoco Sat, 23 May 2026 00:10:06 GMT Steven Carlson Dispatch Center Security Social Engineering Vishing Psap Public Safety Verification Protocols How NIST 800-88 applies to retiring EMS tablets, why factory resets leave PHI exposed, and the documentation needed for a HIPAA audit. https://www.ironrodsecurity.com/blog/retiring-mdts-nist-800-88-true-wipes-vs-factory-reset-and-hipaa-audit-proof https://www.ironrodsecurity.com/blog/retiring-mdts-nist-800-88-true-wipes-vs-factory-reset-and-hipaa-audit-proof Fri, 22 May 2026 00:12:01 GMT Steven Carlson Mdt Sanitization Nist 800 88 Hipaa Compliance Epcr Data Security Chain Of Custody Ems Cybersecurity Alarm codes, Knox box combinations, occupant medical conditions, and hazmat locations live in your pre-plan system with weaker access controls than your ePCR. Here is the fix. https://www.ironrodsecurity.com/blog/pre-plan-security-the-phi-adjacent-data-most-fire-departments-leave-unlocked https://www.ironrodsecurity.com/blog/pre-plan-security-the-phi-adjacent-data-most-fire-departments-leave-unlocked Thu, 21 May 2026 00:16:04 GMT Steven Carlson Pre Plan Security Knox Box Phi Fire Department Access Control Mfa When does SMS between EMS crews cross from operational chatter into a HIPAA violation? Direct guidance on OCR rules, secure messaging policy, and what a defensible mobile policy looks like. https://www.ironrodsecurity.com/blog/the-texting-problem-when-sms-between-crews-becomes-a-hipaa-issue https://www.ironrodsecurity.com/blog/the-texting-problem-when-sms-between-crews-becomes-a-hipaa-issue Wed, 20 May 2026 00:14:44 GMT Steven Carlson Sms Hipaa Violation Hipaa Compliant Messaging Ems Mobile Messaging Policy Fire Department Ocr Sms Guidance Operational Chatter Phi Your ePCR vendor transmits full PHI through the NEMSIS V3 pipeline. The narrative field is an unguarded re-identification risk most agencies never audit. Here is how to validate the payload. https://www.ironrodsecurity.com/blog/nemsis-data-submission-and-phi-exposure-what-your-vendor-sends-and-why-you-shoul https://www.ironrodsecurity.com/blog/nemsis-data-submission-and-phi-exposure-what-your-vendor-sends-and-why-you-shoul Tue, 19 May 2026 00:45:25 GMT Steven Carlson Nemsis V3 Phi Exposure Epcr Security Ems Data Hipaa Compliance Re Identification Risk OCR expects a risk analysis that maps threats to vulnerabilities, not a generic compliance checklist. Here is what 45 CFR 164.308(a)(1)(ii)(A) actually requires and how to build it for your EMS agency. https://www.ironrodsecurity.com/blog/the-hipaa-risk-analysis-that-holds-up-under-ocr-review https://www.ironrodsecurity.com/blog/the-hipaa-risk-analysis-that-holds-up-under-ocr-review Mon, 18 May 2026 22:20:06 GMT Steven Carlson Hipaa Risk Analysis Ocr Review 45 Cfr 164 308 Ems Security Ephi Compliance Generic IT incident response plans fail in EMS. Build a plan that accounts for clinical continuity, dispatch, NEMSIS, and the 2 a.m. runbook. https://www.ironrodsecurity.com/blog/building-an-incident-response-plan-that-survives-contact-with-a-real-ems-cyber-i https://www.ironrodsecurity.com/blog/building-an-incident-response-plan-that-survives-contact-with-a-real-ems-cyber-i Wed, 13 May 2026 00:18:06 GMT Steven Carlson Incident Response Ransomware Ems Clinical Continuity Nemsis Runbook Shared passwords fail HIPAA requirements for unique user identification. WPA2-Enterprise and certificate-based authentication close the gap. https://www.ironrodsecurity.com/blog/beyond-the-password-moving-ems-to-identity-based-security https://www.ironrodsecurity.com/blog/beyond-the-password-moving-ems-to-identity-based-security Tue, 12 May 2026 00:14:08 GMT Steven Carlson Wpa2 Enterprise Certificate Based Authentication Ems Hipaa Shared Passwords Mdm YubiKeys, SMS codes, and authenticator apps fail in the field. Here is a layered MFA approach designed for the back of an ambulance. https://www.ironrodsecurity.com/blog/mfa-for-the-ambulance-why-just-use-a-yubikey-isnt-the-answer https://www.ironrodsecurity.com/blog/mfa-for-the-ambulance-why-just-use-a-yubikey-isnt-the-answer Mon, 11 May 2026 01:23:32 GMT Steven Carlson Mfa Authentication Ems Hipaa Yubikey Biometrics Body-cam footage, QA clips, and training videos contain invisible PHI. Most agencies fail Safe Harbor. Here is a defensible workflow. https://www.ironrodsecurity.com/blog/phi-in-training-videos-the-hipaa-exposure-most-agencies-miss https://www.ironrodsecurity.com/blog/phi-in-training-videos-the-hipaa-exposure-most-agencies-miss Sun, 10 May 2026 00:15:48 GMT Steven Carlson Hipaa Phi Body Camera Training Videos De Identification Safe Harbor How to manage vendor risk for a small EMS agency without a CISO. A lean 80-20 approach focusing on the vendors that handle PHI and keep the trucks running. https://www.ironrodsecurity.com/blog/vendor-risk-management-for-small-ems-agencies-without-a-ciso https://www.ironrodsecurity.com/blog/vendor-risk-management-for-small-ems-agencies-without-a-ciso Sat, 09 May 2026 01:04:03 GMT Steven Carlson Vendor Risk Ems Hipaa Baa Ciso Third Party Risk An ambulance is a mobile data center. Here is how to apply zero trust principles to secure the modem, tablet, monitor, and camera without breaking clinical workflow. https://www.ironrodsecurity.com/blog/when-the-ambulance-is-the-endpoint-zero-trust-for-the-rig https://www.ironrodsecurity.com/blog/when-the-ambulance-is-the-endpoint-zero-trust-for-the-rig Fri, 08 May 2026 00:29:41 GMT Steven Carlson Zero Trust Ambulance Ems Epcr Network Security Micro Segmentation How to deploy and manage 100 connected EMS vehicles using cloud management consoles, variable-driven templates, and MDM without manual per-truck setup. https://www.ironrodsecurity.com/blog/scaling-100-trucks-automation-strategies-for-fire-and-ems-it https://www.ironrodsecurity.com/blog/scaling-100-trucks-automation-strategies-for-fire-and-ems-it Thu, 07 May 2026 00:13:17 GMT Steven Carlson Cradlepoint Sierra Wireless Mdm Firstnet Zero Touch Provisioning Fleet Automation CVE-2026-41940 in cPanel has compromised thousands of servers. Here is why your fire or EMS agency needs to check its hosting provider and what to ask. https://www.ironrodsecurity.com/blog/the-cpanel-bug-that-compromised-thousands-of-sites-and-why-your-agency-should-care https://www.ironrodsecurity.com/blog/the-cpanel-bug-that-compromised-thousands-of-sites-and-why-your-agency-should-care Wed, 06 May 2026 00:27:46 GMT Steven Carlson Fire Department Ransomware Cve 2026 41940 Web Security Ems Hosting When ransomware hits a hospital, EMS operations take a direct hit too. Here is the dependency map most agencies have not drawn and what to do about it. https://www.ironrodsecurity.com/blog/ransomware-hit-the-hospital-the-ems-dependency-map-nobody-draws https://www.ironrodsecurity.com/blog/ransomware-hit-the-hospital-the-ems-dependency-map-nobody-draws Tue, 05 May 2026 00:54:02 GMT Steven Carlson Ransomware Hospital Ems Epcr Ed Notification Bed Status A lost phone with the ePCR app means the HIPAA 60-day clock starts immediately. MDM controls and encryption change the math. https://www.ironrodsecurity.com/blog/the-60-day-clock-hipaa-breach-when-the-medic-loses-the-phone https://www.ironrodsecurity.com/blog/the-60-day-clock-hipaa-breach-when-the-medic-loses-the-phone Mon, 04 May 2026 00:47:41 GMT Steven Carlson Hipaa Breach Notification Epcr Mdm Encryption Ems