A Scranton cardiology group’s computer network was breached by hackers, potentially compromising the private data of 181,764 patients and others, as announced by Commonwealth Health System.
This incident is the latest in a string of breaches targeting medical providers in Northeast Pennsylvania, including Commonwealth Health hospitals. The breach occurred on February 2 but remained undetected until April 13, prompting a two-month forensic investigation to identify those affected. The compromised information includes personal details such as names, addresses, dates of birth, Social Security numbers, credit card information, and medical records.
Commonwealth Health spokeswoman Annmarie Poslock stated that there are no indications that the hackers have used the information obtained. The cardiology group disconnected its network from the internet, disabled VPN access, and reported the incident to law enforcement. The investigation revealed that the hackers used a “brute force” access attempt, where specialized software generates passwords until one successfully grants entry.
The affected individuals were notified by mail, and a notice about the breach was posted on the Commonwealth Health Physicians Network website.
To assist affected individuals, the system is offering free access to Experian IdentityWorks SM for 24 months, providing identity restoration and credit monitoring services. Contact information and details about signing up for these services can be found in the letters mailed to individuals and on the GVC website.
This breach adds to a series of recent cybersecurity incidents in Northeast Pennsylvania, including breaches involving Commonwealth Health, the Northeast Behavioral Health Care Consortium, Maternal & Family Health Services Inc., and Lehigh Valley Health Network’s Delta Medix locations. Safeguarding patient information remains a priority, and Commonwealth Health regrets any inconvenience caused to patients by this situation.