Cyber Incident Victim: Allegheny Health Network
Date:
May 2022
Location:
United States of America
Summary
A phishing attack compromised an Allegheny Health Network employee's email account, potentially exposing personal and medical data of approximately 8,000 patients. The breach involved names, birthdates, contact information, driver's license numbers, medical diagnoses, treatment details, and record identifiers, with limited Social Security numbers and financial data affected in some cases. The organization disabled the breached account, enhanced monitoring protocols, and engaged third-party forensic investigators while notifying impacted individuals by mail. Those with exposed sensitive financial information were offered two years of identity protection services, with the health network emphasizing its commitment to data security and characterizing the incident as a learning opportunity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 31 and June 1, 2022, Allegheny Health Network experienced a data breach after an employee opened a malicious phishing email link, compromising their email account. The breach exposed the personal and medical information of approximately 8,000 patients. Compromised data included names, birthdates, addresses, phone numbers, email addresses, driver’s license numbers, medical conditions, treatments, treatment dates, diagnoses, and medical record ID numbers. A small number of affected individuals also had Social Security numbers and financial information exposed. AHN discovered the breach and initiated an investigation, later notifying impacted patients by mail in late July 2022. The health network confirmed the unauthorized party potentially accessed the data during the two-day window before the compromised account was secured.
AHN responded by immediately disabling the breached email account and implementing additional monitoring controls to prevent further unauthorized access. The organization engaged a third-party digital forensics firm to assess the full scope of the incident. For patients whose Social Security numbers or financial details were exposed, AHN offered two years of complimentary identity protection and monitoring services. Officials emphasized their commitment to privacy and security, stating the incident would serve as a learning opportunity to strengthen defenses. Affected individuals were directed to contact AHN’s Privacy Department via a dedicated phone number or email address for assistance. No evidence of data misuse was reported at the time of disclosure, though the investigation remained ongoing to confirm the breach’s precise impact.