Allegheny Health Network Home Infusion Patients Affected by Ransomware Attack on Vendor
Pittsburgh, PA-based Allegheny Health Network Home Infusion has been notified about a ransomware attack on one of its vendors, Vantage Healthcare Network, Inc.
On October 17, 2021, Vantage detected suspicious activity within its network and engaged a third-party cybersecurity firm to investigate the security breach. AHN Home Infusion was informed on November 22, 2021, that the systems accessed by the ransomware gang contained patient data, some of which had been exfiltrated by the attackers prior to file encryption.
AHN Home Infusion conducted its own investigation alongside Vantage to determine which patients had been affected, and the types of information that had been compromised and has confirmed the following types of information had potentially been accessed or exfiltrated in the attack:
Names, billing information, nurse’s notes, patient referral information, prescriptions, treatment and therapy records, medical device orders, scheduling information, and a small number of Social Security numbers. AHN Home Infusion said the investigation into the attack and the document review is ongoing. So far there are no indications that any patient information has been or will be misused.
Vantage has confirmed it has restored all data encrypted in the attack. Individuals whose Social Security numbers have been compromised will be offered complimentary credit monitoring services. The breach has been reported to the HHS’ Office for Civil Rights as affecting 7,500 patients.
Hacker Gained Access to Jefferson Health Insurance Portal
Philadelphia, PA-based Jefferson Health has discovered unauthorized individuals gained access to an online health insurance portal that was used to submit billing information for payment. The breach occurred on November 18, 2021, and the attacker attempted to divert wire payments intended for Jefferson Health.
On November 22, 2021, Jefferson Health discovered the attacker had obtained a remittance sheet that included the billing information of 5,239 patients of Thomas Jefferson University Hospital and 3,475 patients of Abington Memorial Hospital. The remittance sheet included names, month and year of birth, date(s) of service, treatment codes, and treatment costs. No Social Security numbers, health insurance information, financial account information, or other treatment information were compromised.
Jefferson Health has sent notification letters to affected individuals and said it is reviewing and enhancing its security protocols.
The post Data Breaches Reported by Jefferson Health and Allegheny Health Network Home Infusion appeared first on HIPAA Journal.