Warren General Hospital in Pennsylvania recently discovered a data breach impacting approximately 169,000 patients, initially detected on September 24 when suspicious activity was flagged within its network. The hospital swiftly secured its systems and commenced an investigation, involving law enforcement, to assess the extent of the incident.
The investigation revealed unauthorized access by an unknown entity to specific computer systems within the hospital network between September 15 and September 23. Information potentially accessed includes names, addresses, dates of birth, Social Security numbers, financial and payment card details, health insurance claims, and comprehensive medical information such as diagnoses, medications, lab results, and treatment details.
Responding promptly, the hospital conducted an exhaustive internal review to identify affected information and promptly notified potentially impacted patients. In its commitment to bolster security measures, WGH assessed network security, reinforced administrative and technical controls, and provided additional security training to mitigate similar future breaches.
The hospital promptly reported the incident to federal authorities and the U.S. Department of Health and Human Services, emphasizing patient vigilance against potential identity theft. Patients were advised to scrutinize account statements, credit reports, and benefit explanations for irregularities and promptly report any suspicious activities to relevant entities.
This breach adds to the larger trend of escalating data breach costs across industries, notably impacting healthcare, as reported by the Ponemon Institute. Healthcare data breach costs have surged by 53.3% since 2020, with the health sector experiencing the most costly breaches for the 13th consecutive year, averaging $10.9 million in expenses.
