25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Sutter Senior Care and Allegheny County Have Data Compromised in MOVEit Transfer Hacks

Posted By on Aug 2, 2023

Allegheny County in Pennsylvania has recently confirmed that the protected health information of up to 689,686 individuals was compromised in a May 2023 hacking incident by the Clop threat group. Allegheny County was alerted about the breach on June 1, 2023, and it was confirmed that the group exfiltrated files containing sensitive data between May 28 and May 29, 2023. Allegheny County said it received assurances from the Clop group that the stolen data was deleted, per the group’s policy of only attacking and extorting money from businesses; however, affected individuals have been told to take steps to protect their personal information and to register for the complimentary credit monitoring and identity theft protection services that have been offered.

County officials confirmed that the compromised information included names, Social Security numbers, birth dates, driver’s license/state identification numbers, taxpayer identification numbers, student identification numbers, and for certain individuals, medical information such as diagnoses, treatment information, and admission dates, and health insurance and billing/claims information.

Sutter SeniorCare PACE, a nonprofit health plan based in Sacramento, CA, has also recently confirmed that it was affected and had plan member data compromised in the attacks. The file transfer solution was used by its business associate, Cognisight, LLC, which provides specialist healthcare management services. Cognisight was informed about the hacking incident on May 31, 2023, and its forensic investigation of the incident concluded on June 5, 2023. Sutter Senior Care was informed about the incident on July 12, 2023.

The information stolen in the attack included names, dates of birth, Social Security numbers, and health information such as patient identification numbers and diagnosis, treatment, and provider information. Credit monitoring and identity protection services have been offered to the affected individuals. The HHS’ Office for Civil Rights breach portal indicates 519 individuals were affected.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist