Cyberattack on EMS compromised 40K patient records

Sparty Hammett Pasquotank Manager

By Jon Hawley
Staff Writer

Thursday, February 28, 2019

December’s cyberattack against Pasquotank-Camden Emergency Medical Services compromised more than 40,000 patient records, Pasquotank County Manager Sparty Hammett said Wednesday.

The hacker erased files but made no demands of the county, Hammett said. He also said there’s no evidence the records were copied or used against anyone, but the hack remains under investigation.

The hack originated outside the United States, Hammett said, but he declined to specify where.

The attack occurred on Dec. 14, and Hammett first disclosed it about a week later. Following more than two months of investigation, he was able to provide more information Wednesday.

Responding to the hack, Hammett said he immediately involved the Soundside Group, who assisted the county with its last cyberattack, as well as the Pasquotank County Sheriff’s Department and the county’s insurance carrier.

Hammett said the hacker exploited a vulnerability in the county’s billing software, provided by the company TriTech, and tricked it into considering the hacker a normal user. That allowed the hacker to access records as far back as 2005, though most dated back to 2010, Hammett said.

Some of the text files the hacker viewed were thousands of pages long, Hammett said, making it a long process to review what information had been compromised, who should be notified, and how. 

The county is legally required to notify the potential victims, he said, and is offering them protection against identity theft. A notice he provided states that the firm ID Experts will offer free credit monitoring and other services to everyone affected by the attack. The deadline to enroll in its services is May 26. People may call the company at 800-374-9013 to determine their eligibility, the notice also states.

Hammett said TriTech was not aware of the vulnerability, and has closed it. Hammett also said the county continues reviewing all its software for vulnerabilities, and the Soundside Group has tested its cyber-defenses following the attack.

Going forward, Hammett also said the county may move EMS data to TriTech’s cloud, rather than store it locally, or switch to another software entirely.

Hammett also said the breach wasn’t due to problems with the $100,000-plus the county spent on cyber-security following a more severe cyberattack in May. The hacker exploited TriTech’s software to gain access as a normal user, he reiterated.

Also present for Wednesday’s interview were County Attorney Mike Cox and EMS Director Jerry Newell. Newell said the data breach did not hinder ambulance response, and the agency was able to quickly restore the lost data.

As he said after the last cyberattack, Hammett said Pasquotank and other governments cannot prevent all hacking, but they can make it as difficult as possible and limit the damage caused. The county continuously works to improve security, he added.