HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by Jefferson Health and Allegheny Health Network Home Infusion

Allegheny Health Network Home Infusion Patients Affected by Ransomware Attack on Vendor

Pittsburgh, PA-based Allegheny Health Network Home Infusion has been notified about a ransomware attack on one of its vendors, Vantage Healthcare Network, Inc.

On October 17, 2021, Vantage detected suspicious activity within its network and engaged a third-party cybersecurity firm to investigate the security breach. AHN Home Infusion was informed on November 22, 2021, that the systems accessed by the ransomware gang contained patient data, some of which had been exfiltrated by the attackers prior to file encryption.

AHN Home Infusion conducted its own investigation alongside Vantage to determine which patients had been affected, and the types of information that had been compromised and has confirmed the following types of information had potentially been accessed or exfiltrated in the attack:

Names, billing information, nurse’s notes, patient referral information, prescriptions, treatment and therapy records, medical device orders, scheduling information, and a small number of Social Security numbers. AHN Home Infusion said the investigation into the attack and the document review is ongoing. So far there are no indications that any patient information has been or will be misused.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Vantage has confirmed it has restored all data encrypted in the attack. Individuals whose Social Security numbers have been compromised will be offered complimentary credit monitoring services.  The breach has been reported to the HHS’ Office for Civil Rights as affecting 7,500 patients.

Hacker Gained Access to Jefferson Health Insurance Portal

Philadelphia, PA-based Jefferson Health has discovered unauthorized individuals gained access to an online health insurance portal that was used to submit billing information for payment. The breach occurred on November 18, 2021, and the attacker attempted to divert wire payments intended for Jefferson Health.

On November 22, 2021, Jefferson Health discovered the attacker had obtained a remittance sheet that included the billing information of 5,239 patients of Thomas Jefferson University Hospital and 3,475 patients of Abington Memorial Hospital. The remittance sheet included names, month and year of birth, date(s) of service, treatment codes, and treatment costs. No Social Security numbers, health insurance information, financial account information, or other treatment information were compromised.

Jefferson Health has sent notification letters to affected individuals and said it is reviewing and enhancing its security protocols.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.