The names and medical histories of 8,000 Allegheny Health Network patients may have been leaked in a data breach last month after an employee opened a phishing email that compromised their account, the health care system said Friday.
Affected patients were notified by mail this week, officials said.
The incident happened May 31 and June 1 after an employee received a “malicious phishing email link” that in turn compromised their email account, AHN said.
The entity on the other end of the phishing scam may have had access to a slew of personal information, including patients’ names, birthdates, addresses, phone numbers, email addresses and driver’s license numbers.
Medical information that may have been accessed includes conditions, treatments, dates of treatment, diagnoses and medical record ID numbers, officials said.
AHN said there were a “small number of instances” in which Social Security numbers and financial information were compromised, prompting AHN to offer those affected two years of identity protection and monitoring services.
“At AHN and Highmark Health, safeguarding the privacy and security of patient and member information is our highest priority,” AHN spokesman Dan Laurent said in a statement.
He said the health care company will use the incident as “a learning opportunity.”
Officials said they shut down the compromised email account and implemented a number of monitoring controls. A third-party digital forensics firm is working to determine the full extent of the data breach.
Patients with questions can contact AHN’s Privacy Department at 1-800-985-2050 or firstname.lastname@example.org.
Megan Guza is a Tribune-Review staff writer. You can contact Megan by email at email@example.com or via Twitter.