No sign patient information leaked

There’s nothing to suggest patients’ confidential information has been compromised after a cybersecurity incident forced Peterborough County-City Paramedics’ data collecting software system to be shut down earlier this week, says Chief Randy Mellow.

“There’s absolutely no evidence that this incident has caused any medical or personal information to be compromised,” Mellow told The Examiner.

On the evening of Nov. 14, ESO, a Texas-based company that provides record management system software, allowing emergency responders and paramedic agencies — including Peterborough Paramedics — to capture and collect patient data, received an alert from its security team.

Six months ago, ESO, which has offices in Toronto and Halifax, acquired the company Interdev, inheriting dozens of customers — mainly Ontario-based paramedic agencies, including Peterborough Paramedics.

“Unauthorized access” was made to the system, prompting ESO to take the whole Interdev platform off-line in an effort to halt further breaches and protect customers’ sensitive data. Peterborough Paramedics is one of many agencies in the province impacted by the shutdown, according to ESO vice-president of corporate communications Andy Prince.

When paramedics respond to a medical emergency, they record patient information, captured through the Interdev system, which is then sent to hospitals.

“We’ve since brought in a third-party forensic team to help us make a deep dive analysis into the platform to make sure nothing else happened,” Prince told The Examiner.

Based on the ongoing probe, Prince reiterated there’s no indication at this time that a data breach occurred, adding there’s nothing to suggest ransomware or malware was put on the system.

As ESO continues its investigation, Prince said it’s looking to answer a number of questions, including how the “unauthorized access” attempt was made and whether or not any compromises could have occurred that haven’t yet been uncovered.

Amid the system shut down, ESO is also striving to ensure Peterborough Paramedics and other agencies impacted by the incident are able to continue to stay operational and serve communities.

Despite the system shutdown, Mellow said Peterborough Paramedics’ 911 emergency responses and front-line services have not been impacted.

But the service has been forced to use alternatives when collecting and storing patient data, relying on the use of mobile devices that are not connected to the impacted network.

While the service has always used mobile devices, emergency responders, for the time being, are not uploading collected data to the Interdev platform, said Mellow. Instead, patient data collected is currently being stored and encrypted on mobile devices while they wait for the system to get up and running again. This is causing some “minimal” to moderate” disruptions to day-to-day operations and administrational work, Mellow said.

Scheduling, which is automated under the shut down system, has been affected.

“We’ve had to work to manually to ensure we’re continuing the scheduling and payroll and things like that. So it affects our staff scheduling and the movement of data to the central server. But our priority is to continue the 911 responses and it’s not affecting that in that way,” explained Mellow.

At this time, the source of Monday’s “unauthorized access” remains undetermined, according to Prince.

“We’re not ruling anything out. Is it internal? Who knows? Is it China or Russia? No idea. We’re considering all possibilities as we do our analysis,” he said.

The threat of ransomware or malware creeping into the system following the unauthorized access incident was a factor in ESO’s decision to pull the platform off-line, he said.

Healthcare providers and agencies dealing with sensitive patient data are increasingly becoming big targets for “bad actors” — a trend ESO has taken seriously over the last few years, investing big bucks to get in front of the growing problem, Prince said.

“It could be, hey, let me take some patient data and go sell it on the darkweb; let me reach out to the health-care system and say we’ll release it for $1 million. We consider every possible scenario. We don’t know yet, and we may not know because if it was stopped before anything could be done, we may not have an indication of what they were trying to do,” said Prince.

Prince said there’s no timeline yet on when Interdev will be brought back online. “The team wants to complete the full forensic investigation; see what’s there and that will then help us determine how quickly we can bring the system back online.”

In the meantime, he said ESO is remaining in close contact with the service, updating the emergency responders through daily briefings.

Mellow said the cybersecurity incident is troubling.

“(Cybersecurity attacks) remain a concern for us and have been identified as a hazard and risk for the service and for municipalities.”

Northumberland Paramedics, a regional agency affected by the incident, is also working with ESO as the forensic investigation continues.

Brendan Burke is a staff reporter at the Examiner, based in Peterborough. His reporting is funded by the Canadian government through its Local Journalism Initiative.

Brendan Burke, Local Journalism Initiative Reporter, The Peterborough Examiner