NE Franklin News

The City of Columbus has identified a limited amount of protected health information (PHI) affected by a cyberattack on the Division of Fire's database. The breach, which was part of a July incident, involved less than 1,000 individuals' data.

The compromised database included dispatch records and brief notes about emergency medical services provided at fire call locations. Information may include names, addresses, dates of birth, service dates, and EMS service notes. A few Social Security numbers were also found in the PHI.

On December 12, 2024, it was discovered that this data could be considered PHI. A review followed to identify those affected. There is no evidence that the Division’s encrypted electronic medical record system or financial account information was compromised. The city has not found any misuse of personal information for identity theft or fraud.

The Division of Fire will notify affected individuals by mail. These individuals are eligible for two years of free Experian credit and dark web monitoring services with $1 million protection against fraud and identity theft. They have 90 days from receiving the letter to enroll.

This service remains available until March 31, 2025, for residents who shared their personal information with the city. Enrollment can be done at columbus.gov/cyber.

Department of Technology Director Sam Orth and legal representatives will brief Columbus City Council in an executive session tonight. The council will consider Ordinance 0297-2025 to review Criminal Justice Information Service data from databases involved in the cyberattack as part of the investigation.