By HFT Staff

Allegheny Health Network (AHN) announced that an IT vendor – IntraSystems, LLC – responsible for hosting, managing, and securing certain computer systems that support AHN’s subsidiary Home Medical Equipment and Home Infusion companies experienced a cybersecurity incident that led to unauthorized access to those computer systems beginning on Oct. 11, 2024. AHN learned about the cyber event on Nov. 19, 2024. 

The impacted systems hosted by IntraSystems contained the information of patients who received the services of AHN’s Home Medical Equipment and Home Infusion therapy services, and an unauthorized user was able to obtain some of this information. Once discovered, immediate steps were taken to investigate and secure patient information and stop unauthorized access to the systems and the data on them. In addition to terminating the unauthorized access to the affected systems, including immediately taking those systems offline, connections with other systems were turned off to prevent additional unauthorized access. Law enforcement was also notified. 

Impacted patients are being notified by IntraSystems in accordance with HIPAA and applicable state law. The affected personal information may have included names, dates of birth, addresses, Social Security numbers, financial account numbers (but no access codes), health insurance identification numbers and other health insurance information, and treatment information including diagnoses, provider information, treatments/procedures, dates of service, prescription information, and medical device serial numbers. AHN is not aware of any actual or attempted identity theft or fraud as a result of this incident. 

Multiple other corrective actions to respond to the incident and to help ensure an incident like this does not happen again have been taken.