A Scranton, Pa.-based cardiology group's computer network was invaded by hackers, who potentially obtained private data of 181,764 patients, The Times-Tribune reported June 12.
Commonwealth Health Physician Network-Cardiology, also known as Great Valley Cardiology, was hacked on Feb. 2, but the breach was not discovered until April 13, the system said. The health system did not announce the breach for two months in order to conduct a forensic investigation to identify everyone affected.
Information obtained varied by person, but included names, addresses, demographic information, Social Security numbers, driver's license and passport numbers, and credit card or debit card and bank accounts, as well as health insurance, claims and medical information.
Annmarie Poslock, a Commonwealth Health spokesperson, told the news outlet that there was no indication the hackers used the information "in any way."
The system learned of the incident from the Department of Homeland Security, which tracks potential cyber threats. The cardiology group disconnected its network and referred the matter to law enforcement.
"The unauthorized parties no longer have access to the GVC (Great Valley Cardiology) network," Ms. Poslock said. She added that the hackers used a specialized software to generate passwords until it found the right one.
Affected clients were mailed notices, and a notice about the breach was posted on the website. The system is offering affected people free access to Experian IdentityWorks SM for 24 months to provide ID restoration and credit monitoring services.