Allegheny Heath Network
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Allegheny Health Network (AHN), a large healthcare provider network based in Pittsburgh, Pennsylvania, experienced a significant data breach due to a phishing attack. On May 31, 2022, an unauthorized actor sent a malicious phishing email to an AHN employee, who clicked on a link contained within the email. This action allowed the unauthorized party to gain access to the employee’s email account, which contained sensitive patient information. The breach was discovered on June 1, 2022, and AHN promptly shut down the compromised email account and began working with outside cybersecurity professionals to investigate the incident[1][4][7][9].
The data breach affected approximately 8,000 patients, compromising a variety of personal and medical information. The information potentially accessed by the unauthorized party includes patients’ names, dates of birth, dates of service, medical record/ID numbers, clinical information such as medical history, conditions, treatments, and diagnoses, addresses, patient phone numbers, driver’s license numbers, and email addresses. In some cases, financial account information and Social Security numbers were also compromised[1][4][7][9].
In response to the breach, AHN began sending out data breach letters to all individuals whose information was compromised, informing them of the incident and advising them on how to protect themselves from identity theft and other potential frauds. AHN and its parent company, Highmark Health, have not discovered any evidence to date that the data potentially accessed has been used fraudulently. AHN is offering two years of Experian identity protection and monitoring services to those affected by the breach[1][7].
Phishing attacks, like the one experienced by AHN, are a common type of cyberattack and have been a significant source of data breaches in recent years. These attacks do not require the hacker to breach a company’s network but instead rely on deceiving an employee into providing access to sensitive information. Organizations are encouraged to implement strict training programs to educate employees on detecting potentially fraudulent emails and employ state-of-the-art data security systems to prevent or mitigate the impact of such attacks[1].
AHN is owned and operated by Highmark Health, an $18 billion healthcare company that employs more than 21,000 people and generates approximately $3 billion in annual revenue. AHN consists of multiple locations and practices, including Allegheny General Hospital, Allegheny Valley Hospital, and several others across Pennsylvania[1].
Citations:
- https://www.jdsupra.com/legalnews/allegheny-health-network-announces-data-2112776/
- https://www.hipaajournal.com/data-breaches-reported-by-jefferson-health-and-allegheny-health-network-home-infusion/
- https://www.meadvilletribune.com/news/health-data-breach-may-impact-1-300-meadville-medical-center-patients/article_a027be16-6d38-11ee-ba82-9386bf89de2c.html
- https://triblive.com/local/regional/thousands-affected-in-allegheny-health-network-data-breach/
- https://www.turkestrauss.com/2022/08/01/allegheny-health-network-data-breach-investigation/
- https://www.hipaajournal.com/july-2023-healthcare-data-breach-report/
- https://www.wpxi.com/news/business/ahn-reports-data-breach/FI67ZWLNJ5FGPKL7VIW4M7VQUQ/
- https://healthitsecurity.com/news/vendor-data-breach-impacts-1.7m-oregon-health-plan-members
- https://healthitsecurity.com/news/phishing-attack-at-allegheny-health-network-impacts-8k
- https://www.wpxi.com/news/local/allegheny-county-warns-residents-after-data-breach/TNP7NSGLB5BVBG6CCN4BBXJFOE/
- https://www.cbsnews.com/pittsburgh/news/data-breach-potentially-exposes-names-and-medical-history-of-ahn-patients/
- https://www.post-gazette.com/business/healthcare-business/2023/02/24/butler-health-system-excela-health-bond-ratings-fitch-moodys/stories/202302240069
- https://www.post-gazette.com/news/crime-courts/2022/07/29/data-breach-allegheny-health-network-8-000-patients-highmark-health/stories/202207290096
- https://www.hipaajournal.com/data-breaches-reported-by-allegheny-health-network-st-lukes-health-system-goldsboro-podiatry/
- https://www.ahn.org/about/notice-of-privacy-practices