WebEOC prior to 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.
esi products webeoc