Cyber Incident Victim: Englewood Health
Date: Mar 2022
Location: United States of America
Summary
An unauthorized third party compromised an employee's credentials at Englewood Health, gaining access to patient data including names, dates of birth, and limited health information affecting nearly 4,000 individuals. The intruder was active for under 40 minutes before being locked out of the network, after which the organization enhanced its physical, administrative, and technical security controls. Impacted patients received notifications and were offered complimentary credit monitoring services as a precautionary measure.
Description
On February 14, 2022, Englewood Health detected that an unauthorized third party had compromised an employee's username and password, granting illicit access to its network. The New Jersey-based health system immediately launched an investigation upon discovering the credential compromise. Forensic analysis revealed the intruder accessed protected patient information during a brief window of unauthorized activity. Within 40 minutes of initial access, Englewood Health's security team identified the breach and successfully locked the threat actor out of the network, preventing further data exposure. The swift containment limited the attacker's operational time within the system before access termination.

The investigation confirmed the unauthorized party obtained identifiable patient information including full names, dates of birth, and limited health details, though the health system emphasized only a restricted subset of records was accessed. A total of 3,901 patients were affected by the data exposure incident. Englewood Health implemented enhanced physical, administrative, and technical security controls across its network infrastructure following the breach to strengthen data protection measures. The organization directly notified all impacted individuals about the compromise of their personal information and provided complimentary credit monitoring services as a precautionary measure despite no evidence of misuse. No ransomware deployment or financial data theft was reported in connection with the incident, which remained confined to the brief February intrusion period.
