On January 17, 2025, Allegheny Health Network (AHN) filed a notice of data breach with the Attorney General of Massachusetts after discovering that an incident at its third-party vendor, IntraSystems, LLC, resulted in unauthorized access to sensitive patient information. The breach, which took place between October 11 and November 19, 2024, affected AHN patients, particularly those who received Home Medical Equipment and Home Infusion therapy services. The compromised data includes names, dates of birth, Social Security numbers, health insurance information, medical treatment details, and financial account numbers. AHN promptly initiated an investigation and began sending out data breach notification letters to individuals whose information was impacted.
The breach occurred due to a cybersecurity incident at IntraSystems, LLC, which manages and secures certain systems for AHN. Upon learning of the breach, AHN worked closely with the vendor to assess the extent of the unauthorized access. Not all AHN patients were affected, but those who received services from AHN’s Home Medical Equipment and Home Infusion therapy programs had their data exposed. This breach underscores the importance of securing third-party vendor relationships, particularly in the healthcare sector, where patient data is a prime target for cybercriminals.
AHN, based in Pittsburgh, Pennsylvania, is a large integrated healthcare system that provides a broad range of services
Including oncology, cardiology, and orthopedic care. It operates hospitals, outpatient centers, and specialty care practices throughout western Pennsylvania. AHN is affiliated with Highmark Health, a major health insurer, and employs around 21,000 individuals. With an estimated $4 billion in annual revenue, the network serves a significant portion of the region’s healthcare needs, making the breach a critical concern for both the organization and its patients.
As part of its response to the breach, AHN has sent out letters to affected individuals with detailed information on the incident, including a list of compromised data. The organization is also committed to reviewing and enhancing its cybersecurity protocols to prevent similar incidents in the future. While the investigation into the breach is ongoing, AHN’s efforts to protect patient data and improve its security infrastructure are crucial steps in restoring public trust and safeguarding sensitive healthcare information.
Reference: