Fedie responds to data breach

RITZVILLE — East Adams Rural Healthcare CEO Corey Fedie on Friday provided more information on the Sept. 12 security breach of hospital records.

In an initial notification following the incident posted on the hospital website, few details were released.

Fedie last week confirmed the hospital is working on the breach.

“Per our insurance company protocol, they have a list of experts that we can utilize,” he said of the breach. “But the name of the actual company, security companies, is not known or released at this time. What’s really important is this is still under investigation and we’re following the legal requirements to release what is known at this point.”

Fedie said the data that was hacked was “an assortment of business-related records... that could contain bits and pieces of different information, which is why we posted the notice. “As we get through those specific details, we will contact patients or others that might be related to that.”

The breach happened as the hospital data system was performing “a patch to our firewall system,” he said.

Security patches and updates are routine and apparently it was a coincidence of timing that the hacker stumbled onto a moment when the system was vulnerable due, Fedie said.

Fedie took issue with The Journal’s coverage of the security breach published Oct. 23.

The newspaper reached out to the hospital for comment and details on the month-old breach, but those attempts apparently never reached the CEO.

“I can verify from this cell phone, which is my work cell phone, and my desk cell phone, and my secretary’s cell phone, that I never received a single call,” Fedie said. “So, that’s a little disparaging.”

In its attempts to obtain information on the breach, the only response The Journal received from hospital employees was to go to the website and use the posted news release.

“I never even got the message,” Fedie said.

Moving on, Fedie said cyber attacks are unfortunately part of business today.

“Cyber attacks happen to healthcare organizations regularly these days, and it’s not a matter of if you’re going to be attacked, it’s just when,” he said. “We were fortunate to have a really good team that identified that someone was trying to gain access to our systems, and we shut it down before they could get very far. I think the community should know we have great people that identified it, but technology occasionally fails us.”

Fedie would not confirm or deny the hospital will change software vendors as a result of the breach.

“Unfortunately, there were some things that were accessed,” Ferdie said. “It was not patient medical records, but it’s possible business documents (were accessed). We’re taking steps to further secure our systems.”

Fedie said the hack did not lead to payment of any data ransom demand.

“The health and wellness and privacy of every aspect of what our healthcare organization does is of utmost importance... and there certainly have been lessons learned,” Fedie said. “We did a lot of the right things and we had a lot of the right things in place. It’s just sometimes hard to stay ahead of these bad actors, as they’re typically called.”

Fedie said he, the board, the administration and employees at East Adams Rural Healthcare take these things very seriously, “and we work hard every day to keep them safe and secure, and that will always be a part of what we do.”