25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

294,000 Allegheny Health Network Patients Affected by Business Associate Cyberattack

Posted By on Jan 23, 2025

Allegheny Health Network (AHN), a Pittsburgh-based 14-hospital academic medical system, has announced a significant data breach involving unauthorized access to patient data at one of its business associates. The attack occurred at IntraSystems LLC, a third-party firm contracted to host, manage, and secure certain computer systems used by AHN’s subsidiary Home Medical Equipment and Home Infusion companies.

IntraSystems notified ALN about the cyberattack on November 19, 2024, with its internal investigation confirming that hackers first accessed systems containing patient data on October 11, 2024. The attack only affected limited systems, not ALN’s entire patient database. Approximately 293,900 home care patients who received AHN’s Home Medical Equipment and Home Infusion therapy services were affected and had some of their protected health information accessed or stolen in the incident. ALN has confirmed that some patient data was exfiltrated from the systems managed by IntraSystems.

When the breach was detected, the affected systems were immediately taken offline to prevent further unauthorized access, and connections to other systems were severed to contain the incident. The review of the affected systems confirmed they contained names, addresses, dates of birth, Social Security numbers, financial account numbers (no access codes), health insurance information, and treatment information such as diagnoses, provider information, treatments/procedures, dates of service, prescription information, and medical device serial numbers.

Notification letters are being mailed to the affected individuals by IntraSystems, which has offered credit monitoring and identity theft protection services to the affected individuals. At the time of issuing notifications, no misuse of patient data has been identified. ALN has confirmed that multiple steps have been taken in response to the incident to ensure similar breaches are prevented in the future.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Pediatric Home Respiratory Services (Pediatric Home Service)

Pediatric Home Respiratory Services (Pediatric Home Service), a Roseville, MN-based independent children’s home healthcare provider, has confirmed a breach of its internal systems and unauthorized access to files containing the data of 41,792 patients. The intrusion was detected on November 7, 2024, and immediate action was taken to contain the breach and prevent further unauthorized access. A third-party digital forensics firm was engaged to investigate the data breach and confirmed that an unauthorized third party accessed files containing patient information between November 1, 2024, and November 8, 2024.

The breach has been reported to regulators; however, it is unclear what types of data were compromised. The individual notification letters state the exact data types involved for each patient. While no misuse of patient data has been detected, the affected individuals have been offered two years of credit monitoring and identity theft protection services as a precaution, and Pediatric Home Service has enhanced its technical security measures.

Alta Resources Corp.

Alta Resources Corp., a business process outsourcing and customer engagement service provider has notified 12,162 individuals about a ransomware attack involving unauthorized access to employee and applicant information. The incident was detected on November 18, 2024, and the investigation confirmed unauthorized access to its network between November 17 and 18, 2024. The file review confirmed that the compromised data includes some or all of the following: name, address, date of birth, Social Security number, driver’s license number, health insurance information, and medical information. Alta Resources Corp. reported the attack to law enforcement and is implementing additional safeguards to prevent similar breaches in the future. Individual notifications were mailed on December 20, 2024.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist