Contents:
In a recent announcement, the Commonwealth Health System revealed that threat actors have successfully breached the computer network of a Scranton cardiology group, potentially compromising the private data of 181,764 patients.
This incident marks the latest in a series of breaches targeting medical providers in Northeast Pennsylvania, including previous attacks on Commonwealth Health hospitals. The cardiology group learned of the breach through the U.S. Department of Homeland Security, which monitors potential cyber threats.
The Timeline
The breach initially occurred on February 2 within the data maintained by Commonwealth Health Physician Network-Cardiology, also known as Great Valley Cardiology (GVC). The breach went undetected until April 13, and the health care system officials explained the delay in announcing the incident by citing the necessity of a two-month forensic investigation to accurately identify all those affected.
The compromised information varies from names, addresses, demographic details like dates of birth, as well as sensitive data such as Social Security numbers, driver’s license and passport numbers, credit card and bank account information, and health insurance, claims, and medical records such as diagnoses, medications, and lab results.
As cited by The Times-Tribune, Commonwealth Health spokeswoman Annmarie Poslock, claims there are currently no indications that the hackers have utilized the obtained information in any way.
The Investigation
The forensic investigation revealed that the hackers used brute force to gain access. GVC hired a forensic company to determine which files the unauthorized parties may have accessed.
To support the affected individuals, the system is offering free access to Experian IdentityWorks SM for 24 months, providing services for ID restoration and credit monitoring. Additionally, the cardiology group has established a toll-free response line available from 9 a.m. to 10 p.m. on weekdays and from 11 a.m. to 7 p.m. on Saturdays.
Further details regarding signing up for the Experian services can be found in the letters sent to individuals and on the GVC website at www.cwhphysiciannetwork.net.
Similar breaches have been reported in Northeast Pennsylvania recently, including a cyberattack on a third-party firm providing file transfer software to Commonwealth Health, a cyberattack on the Northeast Behavioral Health Care Consortium potentially exposing private health information, a ransomware attack on Maternal & Family Health Services Inc., and a breach involving sensitive photos and information of patients at Delta Medix locations within Lehigh Valley Health Network.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.