The personal and health information of over 430,000 individuals was compromised in October and November 2024 data breaches at Allegheny Health Network (AHN) and University Diagnostic Medical Imaging (UDMI).
UDMI, a medical imaging center in New York, says threat actors accessed certain information on its systems for a brief period on November 26, before the suspicious activity was discovered.
The hackers, which it did not name, accessed personal information such as names, addresses, dates of birth, referring physicians, and diagnosis and treatment information.
The imaging center informed the US Department of Health and Human Services (HHS) that 138,080 individuals were impacted by the data breach.
The Pittsburgh, Pennsylvania-based AHN told the HHS that 292,773 patients were affected by a data breach resulting from an October 2024 cyberattack on third-party contractor IntraSystems, responsible for hosting certain systems for AHN’s subsidiaries Home Medical Equipment and Home Infusion.
The hosted systems contained patient information such as names, addresses, dates of birth, Social Security numbers, health insurance information, treatment information, prescription information, and financial account numbers.
AHN says IntraSystems notified it of the incident on November 19, more than a month after hackers gained access to its systems, on October 11.
IntraSystems is sending written notifications to the impacted individuals on behalf of AHN, providing them free identity protection and credit monitoring services.
Neither UDMI nor AHN shared details on the threat actors behind the attacks. SecurityWeek has seen no known ransomware groups claiming responsibility for the incidents.
Related: Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina
Related: Personal Information Compromised in GrubHub Data Breach
Related: Insurance Company Globe Life Notifying 850,000 People of Data Breach
Related: Change Healthcare Data Breach Impact Grows to 190 Million Individuals
