Massive Data Breach Hits Healthcare Organizations in New York and Pennsylvania

The personal and health information of over 430,000 individuals was compromised in October and November 2024 data breaches at Allegheny Health Network (AHN) and University Diagnostic Medical Imaging (UDMI).

UDMI, a medical imaging center in New York, says threat actors accessed certain information on its systems for a brief period on November 26, before the suspicious activity was discovered.

The hackers, which it did not name, accessed personal information such as names, addresses, dates of birth, referring physicians, and diagnosis and treatment information.

The imaging center informed the US Department of Health and Human Services (HHS) that 138,080 individuals were impacted by the data breach.

The Pittsburgh, Pennsylvania-based AHN told the HHS that 292,773 patients were affected by a data breach resulting from an October 2024 cyberattack on third-party contractor IntraSystems, responsible for hosting certain systems for AHN's subsidiaries Home Medical Equipment and Home Infusion.

The hosted systems contained patient information such as names, addresses, dates of birth, Social Security numbers, health insurance information, treatment information, prescription information, and financial account numbers.

AHN says IntraSystems notified it of the incident on November 19, more than a month after hackers gained access to its systems, on October 11.

IntraSystems is sending written notifications to the impacted individuals on behalf of AHN, providing them free identity protection and credit monitoring services.

Evolving Cyber Threats in Healthcare

This latest wave of cyberattacks highlights the ongoing vulnerabilities within the healthcare sector. Cybercriminals are increasingly targeting medical institutions due to the vast amounts of sensitive data they store. The breaches at UDMI and AHN demonstrate the risks associated with third-party service providers and the urgent need for enhanced cybersecurity measures.

How the UDMI Breach Occurred

On November 26, 2024, unauthorized access to UDMI's systems was detected. The attackers infiltrated the network and accessed patient records before security teams could contain the breach. While the exact method of entry remains undisclosed, cyber experts suspect phishing emails or exploited software vulnerabilities played a role.

Following the breach, UDMI launched an internal investigation and collaborated with cybersecurity experts to assess the scope of the damage. Impacted individuals were notified, and steps were taken to reinforce security measures. However, the exposure of medical diagnosis and treatment details raises significant concerns about patient privacy.

AHN Data Breach Linked to Third-Party Vulnerabilities

The AHN breach, which affected nearly 300,000 patients, underscores the dangers of relying on third-party vendors for data management. The breach originated from a cyberattack on IntraSystems, which hosts data for AHN's subsidiaries. Hackers infiltrated IntraSystems' servers on October 11, but the breach wasn't reported to AHN until November 19, allowing attackers ample time to exfiltrate sensitive patient information.

The delay in notification has sparked criticism, as timely reporting could have mitigated potential misuse of the stolen data. Patients impacted by the breach now face the risk of identity theft, fraud, and unauthorized access to medical records.

• What Information Was Stolen?
• The exposed data from these breaches includes:
• Names and Addresses - Making victims susceptible to identity theft.
• Dates of Birth - Essential information for identity verification.
• Social Security Numbers (AHN Breach) - A key target for financial fraud.
• Health Insurance Details - Could be exploited for fraudulent claims.
• Diagnosis and Treatment Information - A significant privacy concern.
• Prescription Information (AHN Breach) - Potentially used for medical fraud.
• Financial Account Numbers (AHN Breach) - Increasing risks of financial fraud.

Impact on Patients and Next Steps

Affected individuals are at heightened risk of fraud and identity theft. Cybercriminals could use the stolen data to create fraudulent medical records, commit insurance fraud, or engage in other malicious activities. Healthcare organizations must ensure robust security protocols to prevent such breaches in the future.

• Both UDMI and AHN have taken steps to mitigate the damage. Free identity protection and credit monitoring services are being offered to impacted patients, and security enhancements are being implemented to prevent future incidents.
• How Patients Can Protect Themselves
• If you suspect your data has been compromised in a breach, take the following steps:
• Monitor Credit Reports: Regularly check for any unusual activity or unauthorized accounts.
• Enable Fraud Alerts: Notify credit bureaus to flag potential identity theft.
• Use Identity Protection Services: Take advantage of the free credit monitoring services offered.
• Review Medical Records: Ensure no fraudulent medical claims have been filed under your name.
• Beware of Phishing Scams: Cybercriminals may use stolen data to craft convincing phishing emails.

Strengthening Cybersecurity in Healthcare

• These breaches emphasize the urgent need for stronger cybersecurity measures within healthcare institutions. Organizations must:
• Implement Stronger Access Controls: Restrict access to sensitive data and enforce multi-factor authentication.
• Regularly Audit Third-Party Vendors: Ensure compliance with strict security policies.
• Improve Incident Response Plans: Reduce response time to breaches and minimize data exposure.
• Encrypt Sensitive Data: Use encryption protocols to protect data both in transit and at rest.
• Educate Employees on Cyber Threats: Conduct regular cybersecurity training to prevent phishing attacks and insider threats.

Conclusion

The UDMI and AHN breaches serve as a stark reminder of the vulnerabilities within the healthcare sector. With cybercriminals increasingly targeting medical institutions, it is imperative to adopt proactive security measures. Patients must remain vigilant and take necessary precautions to protect their personal information, while healthcare providers must prioritize cybersecurity investments to safeguard sensitive data from future attacks.