Allegheny Health Network data breach exposes personal health info

On November 19, 2024, Allegheny Health Network (AHN) discovered a cybersecurity incident that had led to unauthorized access to certain computer systems. This breach began on October 11, 2024, and involved systems hosted by a third-party service provider.

The unauthorized user managed to obtain data from these systems, which included sensitive patient information from AHN's Home Medical Equipment and Home Infusion services.

The breach affected 33 individuals in Massachusetts, as reported to the Massachusetts Attorney General's office. The compromised data included a range of personal and medical information, raising concerns about potential identity theft and fraud.

Information Exposed:

• First name
• Last name
• Address
• Telephone number
• Employee ID
• Employer
• Social Security number
• Health card number
• Health plan member number
• Dependent information (for general contact information only)
• Service type
• Diagnoses
• Prescription details
• Payment card information

In response to this breach, AHN took immediate action to secure patient information and halt unauthorized access. The affected systems were taken offline, and connections to other systems were severed to prevent further unauthorized access. Law enforcement was notified, and AHN has been proactive in informing affected individuals.

AHN is offering complimentary credit monitoring and identity protection services to those impacted by the breach. Affected individuals are encouraged to enroll in these services to help protect their personal information. Additionally, AHN advises all affected parties to remain vigilant against identity theft and fraud by regularly monitoring their accounts, medical bills, and credit reports for any suspicious activity.