Cyber Incident Victim: Squirrel Hill Health Center
Date: Jan 2021
Location: United States of America
Summary
Squirrel Hill Health Center experienced a cybersecurity incident involving malware that disrupted access to certain files on its network. The malicious activity was detected following suspicious network behavior, with forensic analysis confirming unauthorized access occurred over a one-week period. Compromised information varied but included patient names, addresses, limited appointment details, dates of birth, diagnostic codes, and Social Security numbers for a subset of individuals. The organization engaged third-party specialists to investigate the intrusion and secure affected systems.
Description
On February 4, 2021, Squirrel Hill Health Center detected suspicious activity on its computer network, prompting an immediate investigation with assistance from third-party computer forensic specialists. The investigation determined the network had been infected with malware that prevented access to certain system files. The malicious activity occurred over a seven-day period, beginning on January 28, 2021, and ending on the date of detection. While the specific malware variant was not disclosed, its operational impact involved restricting access to files stored on compromised systems. The forensic analysis confirmed unauthorized access to the network during this timeframe but did not identify evidence of data exfiltration or encryption demands. The center's response focused on containing the malware's spread and assessing the scope of affected systems and data.

The compromised files contained personal and health information that varied by individual, including full names, physical addresses, limited appointment scheduling details, and dates of birth. Diagnostic codes representing medical conditions were also exposed in the incident. A subset of records included Social Security numbers, though the notification specified this sensitive identifier was present only for "a small number of individuals." The health center did not report evidence suggesting actual misuse of the exposed data. No details were provided regarding the number of affected individuals, specific network systems targeted, or remediation measures beyond the initial forensic investigation. The incident timeline indicates a one-week window between initial network compromise and detection of suspicious activity.
