Allegheny Health Network’s media relations team is dedicated to providing reporters and other members of the news media with the assistance they need.
AHN notifies patients about data breach
PITTSBURGH - Allegheny Health Network (AHN) recently became aware of a data security incident affecting approximately 8,000 patients.
The incident in question occurred on May 31, 2022 through June 1, 2022, and was discovered on June 1, 2022, whereby an employee was sent a malicious phishing email link that led to their email account being compromised. A threat actor obtained access to files that may have contained the protected health information (PHI) of select patients.
AHN and Highmark Health responded immediately to the incident and shut down the compromised mailbox, implemented preventative and monitoring controls, implemented network blocking, reset passwords and engaged a vendor supporting the network’s email environment to assist with implementing additional preventive controls to enhance its security posture and email security controls. AHN also is working with a third-party digital forensics firm to determine the full extent of the breach.
AHN and Highmark Health have not discovered any evidence to date that data potentially accessed because of this incident has been used fraudulently. AHN patients whose information may have been compromised are being notified by mail this week. Information potentially disclosed includes patient name, date of birth, dates of service, medical record/ID number, clinical information such as medical history, condition, treatment and diagnosis, address, patient phone number, driver’s license number and email address. There were a small number of instances where social security numbers and financial account information may have been accessed, and AHN is offering two years of identity protection and monitoring services through Experian, at no cost, to affected individuals.
“At AHN and Highmark Health, safeguarding the privacy and security of patient and member information is our highest priority, and we sincerely regret any concern or inconvenience this breach may cause to those who are impacted by it,” said Dan Laurent, AHN Vice President, Corporate Communications. “As always, we will also use this incident as a learning opportunity to assess our robust cyber security protocols and consider additional measures and resources that will help to further strengthen our data security moving forward.”
Patients with questions can contact AHN’s Privacy Department at 1-800-985-2050 or via email at integratedriskandprivacyops@highmarkhealth.org.
###