Pennsylvania hospital hit by data breach affecting 169K

Warren General Hospital in Pennsylvania is the latest hospital to be hit by a significant data breach, this one affecting roughly 169,000 patients.

The breach was first detected on September 24, when WGH identified suspicious activity on its network. According to the hospital, it “immediately” took steps to secure its systems, subsequently launching an investigation into the nature and scope of the incident as well as notifying law enforcement.

The investigation determined that an unknown actor accessed certain computer systems in the WGH network between September 15 and September 23. The types of information that may have been downloaded from the impacted systems includes names, addresses, dates of birth, Social Security numbers, financial account information, payment card information, health insurance claims information, and medical information including diagnosis, medications, lab results and other treatment information.

WGH’s response was to undertake a comprehensive review of its internal records to determine what information was present on the affected systems and to provide notification to those who were potentially impacted.

WHAT’S THE IMPACT

“We take this event and the security of personal information in our care very seriously,” the hospital said in a statement.

WGH said it assessed the security of its network, sent notifications to potentially impacted patients and conducted a review of its existing policies and procedures as well as its enhanced administrative and technical controls. It also provided additional security training to reduce the likelihood of a similar future event.

The incident was reported to federal authorities and the U.S. Department of Health and Human Services.

As a precaution, the hospital said patients should remain vigilant against incidents of identity theft by reviewing account statements, credit reports, and explanations of benefits for unusual activity and to detect errors.

“Any suspicious activity should be promptly reported to your insurance company, healthcare provider, or financial institution,” WGH said.

THE LARGER TREND

While data breaches affect all industries, healthcare suffers the largest financial hit, according to data published in July by the Ponemon Institute.

This year, the average cost of a data breach reached an all-time high of $4.4 million. That’s a 2.3% increase from 2022, and, taking the long-term view, the average cost has increased 15.3% from the 2020 report.

Since 2020, healthcare data breach costs specifically have increased 53.3%, representing a considerable rise in recent years. This is the 13th consecutive year the health industry reported it had the most expensive data breaches, averaging $10.9 million in cost.

While data breach costs continued to rise, the participants were almost equally split on whether they plan to increase security investments because of a data breach. The top areas identified for additional investments included incident response (IR) planning and testing, employee training, and threat-detection and response technologies.
 

Twitter: @JELagasse
Email the writer: Jeff.Lagasse@himssmedia.com