Cyber Incident Victim: Philadelphia FIGHT Community Health Centers

Philadelphia FIGHT Community Health Centers experienced a cyberattack on November 30, 2021, prompting an investigation with third-party forensic experts. The analysis confirmed that electronic medical records and core clinical systems remained uncompromised. On January 13, 2022, the organization identified unauthorized access to non-clinical systems containing protected health information. Approximately 15,000 patients had data exposed in the breach, though investigators could not confirm whether attackers viewed or exfiltrated specific files. The compromised systems stored sensitive details including patient names, dates of birth, Social Security numbers, medical diagnoses, treatment histories, and health insurance information. No evidence emerged suggesting misuse of the exposed data following the incident. The breach timeline indicates attackers operated within non-clinical infrastructure for over six weeks before detection.

Philadelphia FIGHT initiated a comprehensive review of security protocols following forensic findings. Organizational representatives stated plans to enhance technical safeguards against future cyber intrusions. While clinical operations remained unaffected, the incident exposed vulnerabilities in auxiliary systems handling sensitive administrative data. A separate breach involving Memorial Hermann Health System's vendor Advent Health Partners was referenced in disclosures, impacting 6,260 individuals through compromised driver's licenses, financial records, and treatment details. Both healthcare entities emphasized transparency in notifications, with Memorial Hermann offering affected individuals complimentary credit monitoring services through its vendor. Philadelphia FIGHT's response focused on system hardening without specifying additional remediation measures for impacted patients.