Cyber Incident Victim: Bronx Accountable Healthcare Network
Date:
Jul 2022
Location:
United States of America
Summary
Bronx Accountable Healthcare Network experienced a hacking incident compromising its email systems, impacting 17,161 patients. The breach was reported to federal regulators, though specific details regarding accessed data types or the attack's origin remain undisclosed publicly. This incident occurred alongside multiple other healthcare sector breaches involving unauthorized data exposure through vendor errors and prolonged system intrusions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Bronx Accountable Healthcare Network reported a hacking incident to the U.S. Department of Health and Human Services (HHS) on July 20, 2022. The breach involved unauthorized access to the organization’s email system, compromising protected health information of 17,161 patients. No further technical details regarding the attack vector, duration of unauthorized access, or specific attacker methodologies were disclosed in available public reporting. The types of data exposed through the email compromise were not explicitly enumerated in the source material, though typical healthcare email breaches involve combinations of identifiers and clinical information.
Public reporting indicated no breach notice was visible on the organization’s website at the time of disclosure. DataBreaches.net contacted Bronx Accountable Healthcare Network to inquire whether this incident might relate to a previously disclosed February 2020 breach affecting Acacia Network, an affiliated entity. No clarification or confirmation regarding this potential connection was provided in the source material. The incident appeared on HHS’s breach portal as a hacking/IT incident affecting a network server, consistent with email system compromises. No information regarding containment measures, forensic investigations, or patient notification timelines was available. The reporting entity did not disclose whether ransomware, phishing, or other specific threat actions facilitated the breach.