Posted On August 5, 2022 Consumer Privacy & Data Breaches
August 5, 2022 – On July 29, 2022, Allegheny Health Network (“AHN”) reported a data breach stemming from a successful email phishing attack. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the patients’ names, dates of birth, dates of service, medical record/ID numbers, clinical information such as medical history, conditions, treatments and diagnoses, addresses, patient phone numbers, driver’s license numbers and email addresses. After confirming that consumer data was leaked, AHN began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the AHN data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Allegheny Health Network.
According to a notice posted on the company’s website, on May 31, 2022, an unauthorized actor sent an Allegheny Health Network employee a malicious phishing email containing a link. The employee evidently clicked on the link, resulting in the unauthorized party gaining access to the employee’s email account. In doing so, the hacker also gained access to the sensitive patient information contained in the employee’s email account. It was not until June 1, 2022 that AHN discovered the unauthorized access.
In response, Allegheny Health Network shut down the compromised email account, secured its IT system, and then began working with outside cybersecurity professionals to investigate the incident. The company’s investigation confirmed that the unauthorized party was able to access patients’ protected health information that was contained in the affected email account.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Allegheny Health Network then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, dates of service, medical record/ID number, clinical information such as medical history, condition, treatment and diagnosis, address, phone number, driver’s license number and email address.
On July 29, 2022, Allegheny Health Network began sending out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Allegheny Health Network
Allegheny Health Network is a large healthcare provider network based in Pittsburgh, Pennsylvania. The Allegheny Health Network consists of multiple locations and practices, including:
Allegheny Health Network is owned and operated by Highmark Health, an $18 billion healthcare company that owns several other healthcare practices and hospitals. Allegheny Health Network employs more than 21,000 people and generates approximately $3 billion in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the AHN data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Allegheny Health Network:
The incident in question occurred on May 31, 2022 through June 1, 2022, and was discovered on June 1, 2022, whereby an employee was sent a malicious phishing email link that led to their email account being compromised. A threat actor obtained access to files that may have contained the protected health information (PHI) of select patients.
AHN and Highmark Health responded immediately to the incident and shut down the compromised mailbox, implemented preventative and monitoring controls, implemented network blocking, reset passwords and engaged a vendor supporting the network’s email environment to assist with implementing additional preventive controls to enhance its security posture and email security controls. AHN also is working with a third-party digital forensics firm to determine the full extent of the breach.
AHN and Highmark Health have not discovered any evidence to date that data potentially accessed because of this incident has been used fraudulently. AHN patients whose information may have been compromised are being notified by mail this week. Information potentially disclosed includes patient name, date of birth, dates of service, medical record/ID number, clinical information such as medical history, condition, treatment and diagnosis, address, patient phone number, driver’s license number and email address. There were a small number of instances where social security numbers and financial account information may have been accessed, and AHN is offering two years of identity protection and monitoring services through Experian, at no cost, to affected individuals.
“At AHN and Highmark Health, safeguarding the privacy and security of patient and member information is our highest priority, and we sincerely regret any concern or inconvenience this breach may cause to those who are impacted by it,” said Dan Laurent, AHN Vice President, Corporate Communications. “As always, we will also use this incident as a learning opportunity to assess our robust cyber security protocols and consider additional measures and resources that will help to further strengthen our data security moving forward.”
Patients with questions can contact AHN’s Privacy Department at 1-800-985-2050 or via email at firstname.lastname@example.org.