Date: Dec 2018

Location: United States of America

Summary

An unauthorized intrusion compromised Pasquotank-Camden Emergency Medical Service's systems via a vulnerability in third-party billing software, allowing the attacker to pose as a legitimate user and access protected health information dating back over a decade. The hacker erased files but did not exfiltrate data or issue ransom demands. The breach impacted approximately 40,000 individuals, whose notifications were delayed due to the complexity of reviewing extensive compromised files. The affected software vendor addressed the previously unknown vulnerability, and the organization restored operational data swiftly without disrupting emergency services. Credit monitoring and restoration services were offered to potentially affected patients, while the county evaluated transitioning to cloud-based systems or alternative software solutions.

Description

On December 14, 2018, Pasquotank-Camden Emergency Medical Service in North Carolina experienced a hacking incident involving unauthorized access to its systems by an intruder located outside the United States. The breach was detected in late December 2018 during routine monitoring, prompting an immediate investigation. Forensic analysis revealed the attacker exploited a previously unknown vulnerability in the county’s TriTech billing software, bypassing security controls by impersonating a legitimate user. This access enabled the intruder to view protected health information stored in files dating back to 2005, with most records originating from 2010 onward. The hacker erased certain files during the intrusion but did not issue any ransom demands. County Manager Sparty Hammett confirmed the compromised data included extensive text files spanning thousands of pages, significantly complicating the review process to identify impacted individuals and specific data elements. Initial reports to the U.S. Department of Health and Human Services cited 20,420 affected patients, though subsequent statements by the county revised this figure to approximately 40,000 individuals.

Pasquotank-Camden EMS initiated containment measures upon discovery, collaborating with TriTech to remediate the software vulnerability, which the vendor had not previously identified. The county restored erased data promptly using backups, ensuring no disruption to ambulance response operations according to EMS Director Jerry Newell. Between January and February 2019, notification letters were dispatched to all potentially affected individuals, offering 12 months of complimentary credit monitoring and restoration services. The county attributed its effective response partially to lessons learned from a prior cyberattack in May 2018, which had strengthened its incident response protocols. Post-incident evaluations included consideration of migrating EMS data from local servers to TriTech’s cloud environment or transitioning to alternative software platforms. No evidence of data exfiltration or misuse was identified during the investigation, though the breach exposed sensitive patient information spanning over a decade of records.
