Blog
EMS Cybersecurity Insights & Resources
Public-Safety Cyber Mutual Aid: The Idea Whose Time Has Come
How neighboring agencies can share incident response capacity the same way they share apparatus, with the legal and BAA structure that makes it work.
The Year-One Cybersecurity Plan for a New EMS Director
A 12-month roadmap for an EMS director inheriting an unknown security posture: what to assess, fix, budget for, and leave alone.
The Vendor Subprocessor Problem: When Your ePCR Vendor's Vendor Has Your PHI
Your ePCR vendor's BAA doesn't cover their subprocessors. Here is what to demand in your next contract.
Charging Stations and Lockboxes for Issued Phones and Tablets: Physical Security That Carries HIPAA Weight
A tablet with an open ePCR session in an unsecured charging bay is a HIPAA exposure waiting to happen. Here is the hardware and policy fix.
Apparatus Bay Wi-Fi Is Not Station Wi-Fi: A Network Segmentation Story
Why the network the trucks join when they park needs to be different from the office network the chief uses.
NEMSIS Data Submission and PHI Exposure — What Your Vendor Sends and Why You Should Verify It
Your ePCR vendor transmits full PHI through the NEMSIS V3 pipeline. The narrative field is an unguarded re-identification risk most agencies never audit. Here is how to validate the payload.