Cyberattacks at Allegheny Health Network Home Infusion and Jefferson Health

Ransomware Attack on Vendor Impacted Allegheny Health Network Home Infusion Patients

Allegheny Health Network Home Infusion based in Pittsburgh, PA was alerted concerning a ransomware attack on its vendor, Vantage Healthcare Network, Inc.

On October 17, 2021, Vantage observed suspicious activity in its system and involved a third-party cybersecurity agency to check out the security incident. AHN Home Infusion received an alert on November 22, 2021, that the ransomware group obtained access to systems that contain patient information. The hackers exfiltrated certain files before encryption.

AHN Home Infusion carried out an investigation along with Vantage to ascertain which patients were impacted, and the particular information that was affected. these types of data had possibly been viewed or exfiltrated in the breach:

Names, billing data, medications, nurse’s notes, patient referral details, treatment and therapy reports, booking data, medical device orders, and a few Social Security numbers.

AHN Home Infusion mentioned the investigation into the breach and the file analysis is continuing. Thus far, there is no evidence that any patient record has been or will be improperly used.

Vantage has affirmed that it has recovered all information encrypted during the ransomware attack. Persons who had their Social Security numbers exposed will be given free credit monitoring services. The provider has sent the breach report to the HHS’ Office for Civil Rights stating that 7,500 individuals were affected.

Hacker Obtained Access to Jefferson Health Insurance Website

Jefferson Health in Philadelphia, PA has uncovered that unauthorized people obtained access to an online health insurance site that was utilized to send billing details for payment. The security incident happened on November 18, 2021, and the hacker tried to redirect wire payments designated for Jefferson Health.

On November 22, 2021, the insurance firm learned the attacker acquired a remittance document that included the billing details of 3,475 patients of Abington Memorial Hospital, and 5,239 Thomas Jefferson University Hospital patients. The remittance record contained names, year and month of birth, date(s) of service, treatment codes, and treatment bills. There was no breach of Social Security numbers, medical insurance data, financial account data, or other treatment details.

Jefferson Health has mailed notification letters to impacted persons and mentioned it is examining and strengthening its security standards.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at