Columbus, OH – The City of Columbus has identified a limited amount of protected health information (PHI) impacted by the July 2024 cyberattack, according to an update from city officials.
Less than 1,000 individuals were affected, with their data found within a Division of Fire database that stored dispatch records and emergency medical service (EMS) notes.
In a press statement, City officials confirmed that while some records contained personal identifiers—such as names, addresses, dates of birth, and dates of service—only a very small number of Social Security numbers were present. Importantly, the Division of Fire’s encrypted electronic medical record (EMR) system, which houses comprehensive treatment records, was not compromised. Additionally, there is no evidence suggesting that financial account information was involved or that the stolen data has been misused for identity theft or fraud.
The discovery of PHI in the compromised database was made on December 12, 2024, prompting a thorough review to identify affected individuals. As a precautionary measure, the city will notify those impacted via mail and provide access to two years of free Experian credit monitoring and dark web surveillance services, including $1 million in identity theft protection. Eligible individuals will have 90 days from the receipt of their notification letter to enroll in these services.Columbus residents and others who may have shared personal information with the city are reminded that they can still register for free monitoring services at columbus.gov/cyber until March 31, 2025.
Meanwhile, Columbus City Council is set to receive a confidential briefing tonight from Department of Technology Director Sam Orth and legal representatives from Dinsmore and Vorys. The council will also deliberate on Ordinance 0297-2025, which would authorize the review of Criminal Justice Information Service (CJIS) data housed in several affected databases as part of the ongoing investigation.As cities across the nation grapple with the growing threat of cyberattacks, Columbus’ response highlights the importance of transparency, cybersecurity vigilance, and proactive support for residents affected by data breaches. The city continues to work with cybersecurity experts to fortify its systems and prevent future incidents.
