Allegheny Health Network reports a data breach involving IT vendor

Allegheny Health Network (AHN) disclosed today that a cybersecurity incident involving its IT vendor, IntraSystems, LLC, resulted in unauthorized access to systems supporting AHN’s Home Medical Equipment and Home Infusion subsidiaries. The breach, which began on October 11, 2024, was discovered by AHN on November 19, 2024.

According to AHN, the compromised systems hosted by IntraSystems contained sensitive patient information, which an unauthorized user accessed. The exposed data includes names, dates of birth, addresses, Social Security numbers, financial account numbers (excluding access codes), health insurance details, and specific health information such as diagnoses, treatment records, prescription details, and medical device serial numbers.

Upon learning of the breach, AHN and IntraSystems immediately secured the affected systems and prevented further unauthorized access. The systems were taken offline, and connections to other networks were severed as a precautionary measure. Law enforcement was notified, and a comprehensive investigation was launched.

AHN emphasized that it is unaware of any cases of identity theft or fraud stemming from the breach. To mitigate potential risks to affected individuals, AHN has directed IntraSystems to provide those impacted with free identity protection services, including credit monitoring.

The network also stated that corrective measures have been implemented to bolster security and prevent future incidents. These include enhanced system monitoring, additional security protocols, and a thorough review of vendor relationships and safeguards.

IntraSystems is notifying affected patients in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. Individuals whose information may have been compromised have been encouraged to contact a dedicated hotline at 888-753-5582 for further assistance.