Cardiology group hit by cyberattack, exposing data of nearly 182,000 patients
A cyberattack in early 2023 targeting Commonwealth Health Physician Network-Cardiology (CHPNC) in Scranton, Pennsylvania, left the private data of nearly 182,000 heart patients in jeopardy, the practice’s health system revealed.
The cyberattack occurred sometime between Feb. 2 and April 14, Commonwealth Health Physician Network said in a prepared statement. CHPNC, also known locally as Great Valley Cardiology, immediately took its network offline, disabled VPN access and immediately launched an investigation into the incident.
“The personal information to which the unauthorized parties had access varied from person to person,” according to the health system’s statement. “It may have included name, address, demographic information such as date of birth, social security number, driver’s license number, passport number, credit card or debit card information, bank account information, health insurance information and health insurance claims information, and medical information.”
As a result of this incident, Great Valley Cardiology is offering current and past patients with complimentary access to Experian IdentityWorks for 24 months. The practice is also asking patients to reach out to Experian if they feel their personal information was used in a fraudulent manner.
Annmarie Poslock, a spokeswoman for the Commonwealth Health system, said in an email to the Times-Tribune that CHPNC first learned of the cyberattack from the U.S. Department of Homeland Security. Also, the health system said it waited so long to announce the issue to allow time for a proper investigation.
Poslock also told the Times-Tribune that there is no evidence patient data was used “in any way.”