Server Hack of Pasquotank-Camden EMS impacts 40,000 Patients

PCEMS (Pasquotank-Camden Emergency Medical Services) of North Carolina has discovered that hackers have infiltrated the server that housed their billing system, containing Protected Health Information (PHI) of patients. The hackers exploited the vulnerability in TriTech billing software of PCEMS.

Due to this intrusion, the hackers possibly gained access to extremely sensitive information of patients who had earlier received any kind of medical services from the PCEMS. The hacked server stored types of information including names, Social Security numbers, birth dates, and various medical information collected by the PCEMS.

In its initial notification, the Department of Health and Human Services informed that more than 20,200 patients were impacted by this incident. However, the health provider of the county recently updated and increased that number to around 40,000 patients, as per DailyAdvance.com.

An investigation has been launched with help from Soundside Group, an outside firm. The officials noted that Soundside Group also helps out the county provider in a previous cyberattack. Moreover, PCEMS immediately reported this breach to the Pasquotank County's Sheriff as well as federal law enforcement agencies.

As per the officials, the hacker has gained access on December 14, 2018, from a security gap in their server's billing software. The hacker has been able to trick IT team into believing that they were a regular user, thus giving them access to the patient records from 2005. However, most of the records dated back till 2010.

The hacker has erased files, but any ransom demand was not made. The officials further noted that none of the data was copied, however still the investigation about the security incident is going on. However, it was confirmed that this cyberattack originated from outside the United States.

No evidence has been found to indicate that the patients' PHI was stolen. Neither any report was received to suggest that patient information got misused while issuing the notification letters to the patients. However, since data theft cannot be ruled out, all the affected patients were offered 1 year of free identity theft protection and credit monitoring services by PCEMS.

At present, PCEMS is reviewing their cybersecurity protections; and will take steps to enhance the cybersecurity in order to prevent similar kind of breaches in future.

» SPAMfighter News - 4/1/2019