Allegheny Health Network Announces Data Breach of 8,000 Users Following Email Phishing Attack | Console and Associates, PC


On July 29, 2022, Allegheny Health Network confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive user information on the AHN network through a phishing attack. According to AHN, the breach resulted in the compromise of patients’ names, dates of birth, years of service, medical record/identification numbers, clinical information such as medical history, condition, treatment and diagnosis, addresses, patient phone numbers, driver’s license numbers and email. An estimated 8,000 patient addresses are affected. AHN recently sent data breach letters to all affected parties explaining the damage and what they can do to protect themselves from identity theft and other fraud.

If you receive a data breach notification, it’s important to understand what’s at stake and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Allegheny Health Network data breach, please see our recent report on the topic here.

More information about the Allegheny Health Network phishing attack and data breach

According to an announcement posted on the company’s website, on May 31, 2022, an unauthorized actor sent a malicious phishing email containing a link to an Allegheny Health Network employee. The employee clicked the link, allowing an unauthorized party to access the employee’s email account. In doing so, the hacker gained access to sensitive patient information in the employee’s email account. It wasn’t until June 1, 2022, that AHN discovered the unauthorized access.

In response, Allegheny Health Network shut down the compromised email account, secured its IT systems, and then began working with cybersecurity experts to investigate the issue. The company’s investigation revealed that an unauthorized party was able to access the protected health information of patients in the affected email accounts.

After Allegheny Health Network discovered that sensitive consumer information was accessible to an unauthorized party, it reviewed the affected files to determine what information was compromised and which consumers were affected. Breached information varies by individual, but may include your name, date of birth, date of service, medical record/identification number, clinical information such as medical history, condition, treatment and diagnosis, address, phone number, driver’s license number and email address.

On July 29, 2022, Allegheny Health Network began sending data breach letters to all individuals whose information was compromised as a result of a recent data security incident.

Allegheny Health Network is a large healthcare provider network based in Pittsburgh, Pennsylvania. The Allegheny Health Network consists of several locations and practices, including:

  • Allegheny General Hospital

  • Allegheny Valley Hospital

  • Brentwood Neighborhood Hospital

  • Canonsburg Hospital

  • Forbes Hospital

  • AHN Grove City

  • Harmar Sefer Hospital

  • Hempfield Neighborhood Hospital

  • Jefferson Hospital

  • McCandless Neighborhood Hospital

  • St. Vincent’s Hospital

  • West Penn Hospital

  • Westfield Memorial Hospital

  • Wexford Hospital

Allegheny Health Network is owned by Highmark Health, an $18 billion health care company and several other health care practices and hospitals. Allegheny Health Network employs more than 21,000 people and generates nearly $3 billion in annual revenue.

Malicious phishing emails: a tool of choice among cybercriminals

Allegheny Health Network said in a notice posted on the company’s website that the recent data breach was the result of a phishing email. In recent months, a large number of healthcare providers have fallen victim to email phishing campaigns, resulting in millions of users’ information falling into the hands of hackers. In fact, phishing is a very common form of cyber attack and has been for some time. For example, between 2019 and 2021, more than a third of all data breaches were the result of a successful email phishing attack.

Unlike ransomware attacks, phishing attacks do not require a hacker to breach a company’s network. Instead, hackers send a legitimate-looking email to a company employee to trick the employee either into providing the information the hackers need to access the employee’s email account, or into clicking on a malicious link that downloads malware to the employee’s device. Either way, phishing attacks are highly preventable because they rely on tricking the employee into thinking the email is legitimate.

Of course, employees cannot be held responsible if they are not properly trained in how to spot a potentially fraudulent email. This is where the company’s obligations come in. Organizations should implement rigorous training programs to educate employees not only about the dangers of phishing emails, but also about how to recognize the telltale signs that an email is fraudulent. For example, hackers typically send phishing emails from domain names that are similar—but not identical—to the organization’s actual name. An email may appear valid if it comes from the ahn.com domain; however, the address for Allegheny Health Network is ahn.org.
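The lookalike-domain check described above can also be automated at the mail gateway. The following is an added example, not code from AHN or from the original article: it classifies a From: header against the real domain ahn.org. The function names, matching rules and sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "ahn.org"  # the organization's real domain, as given in the article

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, org_domain: str = ORG_DOMAIN) -> str:
    """Classify a From: header value as 'trusted', 'lookalike' or 'external'."""
    _, addr = parseaddr(from_header)        # ignore the spoofable display name
    if "@" not in addr:
        return "external"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == org_domain or domain.endswith("." + org_domain):
        return "trusted"                    # the real domain or a subdomain of it
    labels = domain.split(".")
    # Assumption: the last two labels are the registrable domain
    # (a production filter would consult the public suffix list).
    registrable = ".".join(labels[-2:])
    name = labels[-2] if len(labels) > 1 else labels[0]
    org_name = org_domain.split(".")[0]
    if name == org_name:                    # same name, other TLD: ahn.com
        return "lookalike"
    if edit_distance(registrable, org_domain) <= 1:  # one-character typo: ahm.org
        return "lookalike"
    if f".{org_domain}." in f".{domain}.":  # real domain used as leading labels
        return "lookalike"
    if org_name in name.split("-"):         # hyphenated variant: ahn-secure.net
        return "lookalike"
    return "external"

# Constructed sample headers, not taken from the incident.
SAMPLES = [
    "AHN IT Support <helpdesk@ahn.org>",
    "AHN IT Support <helpdesk@ahn.com>",
    "it@ahn.org.login.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A one-character threshold on a seven-character domain will also flag some legitimate neighbours, so a "lookalike" verdict is better used to banner or quarantine a message than to drop it silently.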

Additionally, companies that employ modern information security systems can prevent these emails entirely or at least have a mechanism to quickly detect a breach. While these measures can be costly for organizations, they are essential when doing business in today’s environment where phishing attacks are rampant.


