Blog
EMS Cybersecurity Insights & Resources
Vendor Risk Management for Small EMS Agencies Without a CISO
How to manage vendor risk for a small EMS agency without a CISO. A lean 80-20 approach focusing on the vendors that handle PHI and keep the trucks running.
The 60-Day Clock: HIPAA Breach When the Medic Loses the Phone
A lost phone with the ePCR app means the HIPAA 60-day clock starts immediately. MDM controls and encryption change the math.
Don't Click That Link: Email Phishing Targeting EMS Agencies for Payroll and Patient Data
EMS agencies are prime targets for phishing attacks targeting payroll and patient data. Here is how to stop them.
AI, HIPAA, and EMS ePCR Narrative Risk
Using personal AI accounts to draft EMS ePCR narratives creates HIPAA exposure, weak provenance, and patient record integrity risk that agencies need to stop now.
CAD-to-ePCR Interfaces and the Quiet HIPAA Risk
The CAD-to-ePCR bridge is often the weakest HIPAA control in EMS. Here’s where the PHI risk actually lives and what a defensible design looks like.
PHI Encryption and Post-Quantum Risk for EMS
Fire and EMS agencies need stronger PHI encryption planning now, including vendor pressure and post-quantum readiness before harvested data becomes readable.
PHI on the Mobile Data Terminal
The MDT is one of the most exposed PHI endpoints in EMS. Here is the threat model, the hardening plan, and the NEMSIS gaps most agencies miss.
Your ePCR Vendor's BAA Probably Isn't Enough
Most ePCR BAAs meet the vendor's minimum, not yours. Here are the clauses and redline questions EMS agencies should send back before signing.