Pennsylvania Warren General Hospital hospital reports data breach, exposes 169k individuals

Warren General Hospital (WGH), a community medical institution established in 1900 and situated in Warren, Pennsylvania, has reported a cybersecurity breach.

The breach was detected after noticing suspicious network activity on September 24, 2023. The hospital's investigation, initiated with assistance from third-party data security specialists, confirmed that from September 15 to September 23, 2023, an external party had gained unauthorized access to its computer systems.

During this period, the intruder accessed files containing a wide array of personal patient information, which included, but was not limited to following patient data:

• names,
• residential addresses,
• dates of birth,
• Social Security numbers,
• financial account and payment card details,
• health insurance particulars,
• medical treatments received.

The data of approximately 169,000 patients was exposed during the breach, but the nature of the breach is not disclosed.

WGH acted to secure the affected systems, notify the appropriate federal law enforcement agencies, and filed a formal notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights. They also issued a “Notice of Data Privacy Event” on their website to inform the broader public.

On November 9, 2023, WGH began the process of distributing notification letters to all individuals whose sensitive information had been compromised, offering them the details of the breach and the specific data pertaining to them that was involved.