Public Safety

Cyber Attack Suspected as Cause of Sunday's Erie County 911 Issue, Erie County

Breach Type – Unknown, TDoS

Erie News Now
October 23rd, 2022

“A cyber attack is suspected as the cause of the issue that prevented cell phone and other wireless users from dialing 911 to reach Erie County dispatchers, county public safety officials told Erie News Now on Monday."
”We're told it started with a non-initialized or deactivated phone number calling into 911 every seven seconds. Only wireless 911 callers in Erie County were impacted, according to officials."
“The issue was reported around 10 p.m. Sunday, and full 911 operations were restored about an hour later just before 11 p.m. While the problem persisted, the county told wireless users to dial an alternate phone number, call 911 from a landline phone, text 911 or go to the nearest police or fire department to report an emergency.”

Delaware County and Delaware County PD, Delaware County

Breach Type – Unknown, Ransomware

Philadelphia CBS local
November 25th, 2020

Delaware county's computer systems were downed after attack from hackers
A ransom is demanded to give up control of computer network
The county cannot access police reports payroll and other databases and files

Bleeping Computer
November 29th, 2020

Delaware County paid the $500,000 ransom after systems were hit by attacker
The County had insurance that was able to pay the $500,000 ransom demanded
Sources have told that the DoppelPaymer ransomware gang was behind the attack in that Delaware County had paid the ransom

WHYY
January 8th, 2021

County government paid $25,000 ransom to bad actors
Upon payment, bad actor provided decryption tool, list of files stolen
Government head advised payment of the ransom

Millcreek Township and Millcreek PD, Erie County

Breach Type – Unknown, Ransomware

Erie News Now
September 25th, 2020

The township released publicly that it was the victim of a cyber attack
Investigations show it to be a ransomware based attack
Bad actors demanded over $250,000 in ransom leading FBI to launch investigations

Luzerne County Government Systems & Sheriff's Office, Luzerne County

Breach Type - Phishing, Malware

Times Leader
May 29th, 2019

Luzerne County hit with cyber attack via e-mail attachment that shut down several servers
911 department and emergency management agency unaffected due to utilizing isolated servers
Officials were unsure when exactly the virus had infected the system, likely remained dormant for some time

Gov Tech
June 5th, 2019

Servers that were once targeted are assumed to be online and cleared following public release
First expected to be restored are the databases and systems associated with the county prison system and other branches
The systems were shut down to quarantine and stop any spread of the virus within the network preventing workers uploading onto networks

Chester County Government & 911 Dispatch, Chester County

Breach Type - Malware

Patch
February 19th, 2019

Online systems and dispatch were rendered offline in weekend attack
Chester County Government has put in full effort to resolve issues
Online services are still impacted as progress is being made

City of Allentown

Breach Type - Hack

The Morning Call
February 20th, 2018

Malware infects system
Shuts down financial & public safety operations
Estimated $1M for removal of malware
PD cannot access databases controlled by PA state police

Mt. Holly Springs PD

Breach Type - Ransomware

ABC 27
October 3rd, 2016

Email from “FedEx” leads to exploitation of computer services
Hackers demanded $500 in bitcoin
Computer was not set up to general server
None of the files lost were vital

Local Government

County Experiences Security Breach With Jail Employee Email, Butler County

Breach Type – Unknown, Data Breach

Butler Radio
September 13th, 2023

"A cyber event last month may have affected the security of some information maintained by Butler County.”
"County officials say they found out August 8th that an email account related to the County jail was sending unauthorized spam emails."
“The county secured the account and brought in a nationally recognized digital forensics team to help investigate. Later in the month, the county determined that an unauthorized actor accessed a County employee’s email for a limited time and copied the contents. This review is ongoing but some personally identifiable information was impacted. Written notice will be provided to those affected.”
” County investigators searched dark web sources and found no indication that personal information maintained by the County has been released or offered for sale due to this incident. The County will continue to monitor and strengthen email security but encourages those who may have been affected to pay close attention to financial accounts and credit reports.”

Carbon County hit with cyber attack

Breach Type – Unknown, Ransomware

Times News Online
August 23, 2023

“The Carbon County computer system was recently involved in a cyber attack on its network."
”On Tuesday evening, Commissioners’ Chairman Wayne Nothstein provided a statement on the incident and how it is being handled. The ransomware attack was detected Monday morning.”
”Nothstein said that as soon as the county learned of the breach, officials began “working to investigate and restore operations and determine the effects of the incident.”
”The county also contracted with a nationally recognized cyberspace and data forensics company to investigate, as well as contacted local law enforcement.”

Allegheny County Impacted by MOVEit Security Incident

Breach Type – Unknown, Data Breach

WV News
July 28th, 2023

“Allegheny County, Pennsylvania ("Allegheny County") today announced that data from the county was involved in the global cybersecurity incident last month involving file transfer tool, MOVEit.”
”The county is the latest in a list of several hundred organizations that were impacted when a software vulnerability in MOVEit allowed cybercriminals known as "CI0p" to access and download data, including data belonging to the county"
“While the impacted information varies based on the individual and their relationship with Allegheny County, the information at issue may include name; social security number (SSN); date of birth; driver's license/state identification number; taxpayer identification number; and student identification numbers. For some individuals, certain types of medical information (e.g., diagnosis, treatment type, admission date), health insurance information, and billing/claim information may be involved.”

Clearfield County Computer Systems, Clearfield County

Breach Type – Unknown, Malware

The Progress News
January 11th, 2021

County computer services, including email, have been taken out following cyberattack
Attack disabled county courthouse teleconference systems
Officials remained unsure about extent of damage

Connect Radio
February 24th, 2021

County dispatched letters to individuals likely affected by cyberattack
Officials determined that personal information was potentially compromised
Bad actors posted personal information on their website following attack

Penn Township, York County

Breach Type – Hacking, Other

Government Technology
June 15th, 2020

Township government was victim of cyberattack
Bad actors were able to steal money from credit account
Officials hired third-party contractor to help with investigation

South Eastern Pennsylvania Transit Authority, Philadelphia County

Breach Type – Unknown, Malware

The Philadelphia Inquirer
August 24th, 2020

Realtime travel information was disabled by bad actors
Officials were uncertain as to whether private information had been accessed
Federal law enforcement assisted in the investigation

City of Scranton Non-Emergency Computer System, Lackawanna County

Breach Type – Unknown, Ransomware

WILK Newsradio
August 25th, 2020

Non-emergency network hit in ransomware cyberattack
Outside cybersecurity specialists assisted in the investigation
Officials stated they would advise the public if private information was accessed

Duncannon Borough, Perry County

Breach Type – Hacking, Ransomware

PennLive
May 20th, 2020

Bad actors used ransomware in cyberattack on county government
Town officials paid tens of thousands of dollars in ransom
Backup systems were locked in addition to standard data

Allegheny Intermediate Unit, Allegheny County

Breach Type – Unknown, Ransomware

TRIB LIVE
February 6th, 2020

Officials believed private information remained safe
Bad actors used ransomware in county hit
Officials confirmed an ongoing investigations was underway

City of DuBois, Clearfield County

Breach Type – Unknown, Malware

The Courier Express
January 27th, 2020

City computer network disabled in cyberattack
Numerous law enforcement agencies investigated
IT advised they were working to regain access

Leesport Tax Collector System, Berks County

Breach Type – Hacking, Data Breach

Reading Eagle
December 5th, 2019

Tax collector's computer system was hit in data breach
Citizens advised to place holds on financial information
Local law enforcement investigated breach

Bradford City Hall, McKean County

Breach Type – Unknown, Ransomware

The Bradford Era
October 5th, 2019

Majority of city hall's computers destroyed in ransomware cyberattack
City officials stated replacement computers had been put in place
IT company discovered ransomware had infiltrated city's server

Lebanon County Government Systems, Lebanon County

Breach Type – Unknown, Malware

LebTown
August 29th, 2019

The County's computer systems were taken offline once it was discovered there had been an attack
It had been released that the systems were disconnected in an act of caution and prevention of further damage
9-1-1 systems were not affected but email systems and their telephone system had been knocked offline

Butler County Federated Library System, Butler County

Breach Type - Unknown, Ransomware

ButlerRadio
July 22nd, 2019

Following the attack, the county Library continues to maintenance serves in attempts for full restoration
From the beginning of detection IT and Library staff continue to work on fixing systems in the hopes of nominal operations
It had been discovered that this specific attack was another Ryuk attack following many prior

Philadelphia Court System (First Judicial District), Philadelphia County

Breach Type - Unknown, Malware

Philly
May 23rd, 2019

The First Judicial Court experienced a virus attack leading them to quarantine systems
No data was compromised and all court proceedings occurred nominally
Impact was not seen during court operations due to virus being treated immediately now

City of Washington, Washington County

Breach Type - Ransomware

WPXI
May 10th, 2019

Computers were shut down in the City of Washington due to a large scale ransomware attack
The origin of the virus is still unknown as investigations are still underway over this seemingly isolated incident
It is unknown if this was a ransomware based attack as all infected files were removed

State of PA Department of Corrections

Breach Type - Hacking, Data Breach

Fox 43
July 23rd, 2018

Vulnerability in third party vendor compromised inmate private data
Department of Corrections notified of hackers exfiltrating sensitive data
13,791 inmates and employees potentially affected

The Pennsylvania Department of Health

Breach Type - Hacking, Other

DataBreaches
July 16th, 2018

Pennsylvania Department of Health internal website hacked
Sensitive patient information unaltered
Website defacement main goal of cyber attack

Westmoreland Housing Authority, Westmoreland County

Breach Type - Ransomware

TribLive
July 13th, 2018

Hackers demand ransom over $40M
Cyber-attack rendered phones and computers inoperable
Housing authority debating paying ransom or independently restoring servers

Bucks County

Breach Type - Phishing/Other

The Intelligencer
July 6th, 2018

Bucks County employee email account compromised
Hackers use county email to send malicious attachments
Cyber-attack origin unknown
Unknown how many people impacted by attack

East Cocalico Township Tax Collector, Lancaster Co.

Breach Type - Hack

The Euphrata Review
May 25th, 2018

Tax Collector computer hit with cyber attack
Sophisticated hacker traced to Ukraine
Investigation ongoing
Notified citizens to watch accounts for fraud

Strasburg, Lancaster

Breach Type - Phishing

Fox 43
March 20th, 2018

Hackers hit email system 3 times
Residents receiving emails from Strasburg offices, encouraged not to open
Strasburg office working with IT department to restore its systems

City of Hermitage

Breach Type - Phishing

WFMJ
March 1st, 2018

Foreign hackers attempt to trick city finance office into sending money to supplier in Illinois
Supplier in Illinois would then wire money overseas
Claimed that the city owed $23,000

Bucks County

Breach Type - Phishing

Bucks County Courier Times
September 15th, 2017

Bucks Co. Falls victim to malicious phishing campaign
PDF attachment infected system with malware"
When clicked, would infect victims computer and send out more fraudulent emails

Dauphin County, Harrisburg

Breach Type - Ransomware

NBC News
March 3rd, 2017

Pennsylvania Senate Democrats hit with ransomware
Worked with law enforcement agencies and Microsoft to resolve the problem

Penn Live
March 10th, 2017

Regained access to their work email accounts
Wireless service was restored to Senate office
Senators' Web sites all appeared to be accessible
Microsoft loans laptops as temporary work platform
Old hardware cleansed and data restored

Allegheny County

Breach Type - Ransomware

Dark Reading
December 6th, 2016

State prosecutor's office paid attackers $1,400 in Bitcoin to free its data
Hit with Avalanche botnet network
Employee opened a link which infected computer systems

Medical

Crozer Health’s computer systems were knocked offline Thursday by a ransomware attack, Delaware County

Breach Type – Unknown, Ransomware

DataBreaches.net
August 3rd, 2023

“Computer systems at Delaware County’s Crozer Health were offline Thursday after a ransomware attack on the health system’s owner, Prospect Medical Holdings Inc., the company said.”
”We have experienced a ransomware attack that is Prospect-wide, and are currently evaluating the situation,” Crozer spokesperson Lori Bookbinder said in a text. “We will provide updates as appropriate.”
“Crozer includes Crozer-Chester Medical Center in Upland and Taylor Hospital in Ridley Park. Prospect ended inpatient services at Delaware County Memorial Hospital in Drexel Hill and Springfield Hospital in Springfield.”

VINCERA INSTITUTE EXPERIENCES RANSOMWARE ATTACK, Philadelphia County

Breach Type – Unknown, Ransomware

Health IT Security
June 22nd, 2023

“The Vincera Institute, a center that treats athletes who suffer from core injuries, disclosed a data breach that resulted from a ransomware attack in April 2023."
“The institute submitted four breach notifications to HHS, under the Vincera Imaging, Vincera Rehab, Vincera Surgery Center, and Vincera Core Physicians. In total, the notices indicate that 25,000 individuals were impacted.”
”Vincera Institute has found no evidence of unauthorized access or misuse of data, but noted that names, contact details, Social Security numbers, treatment records, and insurance information may have been exposed.”
”The organization said it has since implemented enhanced security measures and monitoring systems and is working to identify vulnerabilities and investigate the full scope of the breach.”

UPMC contractor detects patient data breach, Allegheny County

Breach Type – Hacking, Data Breach

TRIBLIVE.com
June 13th, 2023

“A contractor for UPMC said it discovered a data breach that could have impacted customer and patient information.”
”...its secure file transfer service provider, Fortra, “experienced a data security incident.” The company undertook an investigation to figure out the scope of the incident.”
“UPMC, along with other health care companies, uses Intellihartx’s services as part of its billing and collections. The breach occurred in February, UPMC said Friday.”
”The types of personal information stored on the affected Fortra systems at the time of the incident included names, addresses, medical billing and insurance information, certain medical information and demographic information such as date of birth and Social Security numbers, UPMC said in a statement.”

Northeast Behavioral Health Care Consortium hit by cyber attack, Lackawanna County

Breach Type – Phishing, Data Breach

Yahoo.com
April 20th, 2023

“A cyberattack potentially exposed private health information of clients served by the Northeast Behavioral Health Care Consortium, the organization revealed Thursday."
“In an ad placed in The Times-Tribune, the agency said it learned on Feb. 20 that an employee's email had been compromised through a phishing attack, which may have allowed hackers to gain access to clients' information, including names, member numbers, Medicaid numbers, diagnoses, detailed incident descriptions and levels of care.”
”The Moosic-based nonprofit consortium was created in 2006 by Lackawanna, Luzerne, Susquehanna and Wyoming counties to manage HealthChoices, a statewide managed care program serving medical assistance recipients. The agency currently serves over 180,000 members in the four counties, according to information posted on its website.”.
"The breach notice does not say how many people may have been affected.”.
”The notice says the agency is not aware of fraud or misuse of personal information. Officials believe the hackers' primary objective was to continue the phishing email attack to potentially access other companies' information.”

Lehigh Valley Health Network: Patient photos, info from ransomware attack released online, Lackawanna County

Breach Type – Unknown, Ransomware

Pocono Record
February 20th, 2023

”Lehigh Valley Health Network has confirmed a cybersecurity attack on a physician's office in Lackawanna County early this month."
"According to a statement released by the healthcare network, LVHN was targeted by a ransomware gang known as BlackCat, which has been associated with Russia. Initial analysis from LVHN showed the network supporting one practice located in Lackawanna County was targeted, though the attack has not disrupted operations.”
”On Feb. 6, LVHN detected unauthorized activity within their IT system. A technology team identifed the unauthorized activity, leading to an investigation. Leading cybersecurity firms and experts were engaged in the process, and law enforcement was notified.”
LVHN officials noted they are continuing to work with the aforementioned experts to investigate the scope of the incident, though as of Feb. 20, they "continue to operate normally."
”Although the investigation is ongoing, at present, initial analysis shows the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information. BlackCat demanded a ransom payment, though LVHN refused to pay. The healthcare network indicated BlackCat has targeted other organizations in the academic and healthcare sectors as well.

Pocono Record
March 8th, 2023

"Lehigh Valley Health Network has confirmed a Russian ransomware gang has released patient photographs and information on the dark web.”
"In a statement issued by the health network, LVHN stated BlackCat, the Russian ransomware group which attacked a Lackawanna County practice on Feb. 6, has posted limited patient information on the dark web."
”LVHN noted the stolen information includes photographs of cancer patients receiving radiations oncology treatment at Lehigh Valley Physician Group's Delta Medix practice in Scranton, along with seven documents containing patient information.”

Heads up: Highmark Health will be notifying 300,000 patients of a phishing incident. Watch for your mail this month., Allegheny County

Breach Type – Phishing, Data Breach

DataBreaches.net
February 5th, 2023

"Letters have not gone out yet and will not be going out in the mail until February 13, but Highmark Health will be notifying 300,000 patients of a data security breach that occurred on December 13, 2022, after an employee clicked on a link that they should not have clicked on. The breach was discovered on December 15, 2022.”
"According to Highmark’s notification letter, seen by DataBreaches, the emails in the employee’s compromised email account may have included various protected health information elements: name, social security number, and enrollment information such as the individual’s group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, and prescription information. as well as in some cases, financial information, address, phone number, and email address.”
”Not all individuals had all elements and there are two forms of the letter going out: one to those whose social security number was involved, and one to those who did not have their social security number involved.”
”In either case, those being notified will read, “While, at this time, we have no evidence that your information was misused, our risk assessment on this incident concluded that notice to you is appropriate. To help protect your identity, we are offering complimentary access to Experian IdentityWorksSM for 24 months at no cost to you.”
”The notification letters, copies of which were provided to the Maine Attorney General’s Office, do not explain why the employee had so many emails in their account that 300,000 people have to be notified.

Connexin Software notifies parents of 2.2 million pediatric patients of hack, Montgomery County

Breach Type – Unknown, Data Breach

DataBreaches.net
November 30th, 2022

“Connexin Software, a business associate to numerous pediatric practices, recently notified HHS that it experienced a breach that affected 2,216,365 patients. One thing DataBreaches noted with interest in their substitute notice below is their statement that an unauthorized individual was able to access an offline set of patient data used for data conversion and troubleshooting. If the data set was offline, how did the attacker gain access to it? Nor does the notice indicate whether Connexin ever received any ransom demand."
"Connexin Software, Inc. (Connexin), a provider of electronic medical records and practice management software, billing services, and business analytic tools to pediatric physician practice groups, is providing notice that an unauthorized third party was able to gain access to an internal computer network. The live electronic medical record was not accessed and the incident did not affect any pediatric practice groups’ systems, databases, or medical records system at all.”
"On August 26, 2022, Connexin detected a data anomaly on our internal network. We immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident. On September 13, 2022, we learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party. The live electronic record system was not accessed in this incident, and the incident did not involve any physician practice group’s systems, databases, or medical records system at all. Connexin is not aware of any actual or attempted misuse of personal information as a result of this event.”

Rehab center hit with hack, subsequent lawsuit, Allegheny County

Breach Type – Hacking, Data Breach

Yahoo! News
November 29th, 2022

“A major nonprofit health care provider has been impacted by a cyber incident and is now facing a subsequent lawsuit. Gateway Rehabilitation Center reported the incident to the U.S. Department of Health and Human Services on November 18, noting that 130,000 people were impacted."
"A letter sent to patients that same day states that the rehab center “experienced an incident disrupting access” to its systems. The letter claimed the company has “no evidence that any of the potentially impacted information has been misused.”
"A proposed class-action lawsuit filed this week in federal court, however, claims that Gateway had “inadequate data security” and thus enabled sensitive information to be “accessed by hackers, posted on the dark web, and exposed to an untold number of unauthorized individuals.”

Keystone Health Data Breach Impacts PHI of 235K Individuals, Franklin County

Breach Type – Unknown, Data Breach

Health IT Security
October 17th, 2022

"Keystone Health, a Pennsylvania-based team of primary care providers, disclosed a healthcare data breach that potentially impacted the protected health information (PHI) of 235,237 individuals. “While we have a robust information security system in place, unfortunately, no system is perfect, and we recently identified and addressed a cybersecurity incident,” Keystone Health told patients.”
”The files contained patient names, clinical information, and Social Security numbers. Keystone began mailing letters to impacted individuals and offered credit monitoring services to those who were eligible. “We value the trust our community places in Keystone Health, and we deeply regret any concern this may cause our patients and their families,” the notice continued.”
“To help prevent something like this from happening again, we are implementing new network security measures and providing additional training to our employees.”

Phishing Attack at Allegheny Network Impacts 8k, Allegheny County

Breach Type – Phishing, Data Breach

Health Security
August 2nd, 2022

"Allegheny Health Network (AHN) and its parent company, Highmark Health, announced that a phishing attack had led to potential protected health information (PHI) exposure for approximately 8,000 patients."
"An employee was sent a malicious phishing email ink that led to their account being compromised between May 31 and June 1, 2022, the announcement explained."
"The threat actor managed to obtain access to some files containing patient names, birth dates, dates of service, conditions, treatment and diagnosis information..."

Family Practice Center discloses a breach from October 2021, Snyder County

Breach Type – Unknown, Data Breach

DataBreaches.net
June 9th, 2022

“Family Practice Center (“FPC”) announced that it suffered an attempt to shut down its computer operations on October 11, 2021. That attempt failed and FPC was still able to treat patients and provide service to the community."
“Although FPC has no evidence that any information has been misused, out of an abundance of caution FPC is providing notification to patients whose information may have been involved in the incident. The potentially affected information included names, addresses, medical insurance information, and health and treatment information. Patient medical records were not involved in the incident. For a small group of patients, Social Security numbers were involved."
“FPC will be notifying potentially impacted individuals of this incident by letter. The letters include information about this incident and what steps those individuals who had their information exposed can take to monitor and protect their information."
"FPC are not aware of the misuse of any patient information resulting from this incident."

Jefferson Health data breach exposed billing info of 9,000 patients, Philadelphia County

Breach Type – Hacking, Data Breach

Philly Voice
January 21st, 2022

”Jefferson Health is notifying more than 9,000 patients whose personal information may have been exposed during a privacy breach late last year."
”An authorized person accessed an online portal used by Jefferson staffers to submit billing information to Independence Blue Cross on Nov. 18 and attempted to divert wire payments meant for Jefferson,"
"The hacker gained access by impersonating two authorized staff members in order to reset passwords on the portal"
"On Nov. 22, the investigation determined the hacker obtained a remittance sheet containing the billing information of 9,095 patients. The data included names, dates of service, treatment codes and costs."

Hackers Target Data at Philadelphia Health-Care Systems

Breach Type – Hacking, Data Breach

GovTech.com
July 27th, 2021

"Jefferson Health says a cloud-based database with information on 1,769 patients treated at the Sidney Kimmel Cancer Center was breached in April during a national attack on a software vendor."
”Jefferson Health said that the April hack was limited and that the intruders did not penetrate its main computer system. The breach took place through Elekta Inc., a Swedish company. The company has not said whether the attack involved ransomware or was limited to attempted data theft."
"Jefferson Health is mailing letters to patients whose information may have been involved in this incident. Jefferson Health is also providing people whose Social Security number was involved with complimentary credit monitoring and identity theft protection services."

Jefferson Health Cancer Patients' Personal Health Information Compromised in April Hack, Philadelphia County

Breach Type – Hacking, Data Breach

Philadelphia CBS Local
July 19th, 2021

"A warning for some Jefferson Health cancer patients: your personal information could be in the hands of hackers."
"The health system says the cyberattack involves a vendor called Elekta, which handles patient information for cancer treatments."
“We’re told the hackers obtained patients’ names, dates of birth, and some medical information back in April. They also got some patients’ social security numbers."
-"Jefferson Health is contacting everyone who is affected and will offer free credit monitoring and identity theft protection to people whose social security numbers were stolen."

Squirrel Hill Health, Allegheny County

Breach Type – Unknown, Malware

PR Newswire
April 4th, 2021

Malware discovered after suspicious activity was investigated on February 4th
Data compromised includes names, addresses, appointment scheduling details, dates of birth, diagnostic codes, and SSNs
Squirrel Healh is in the process of notifying impacted individuals

BioTel Heart, Chester County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
April 5th, 2021

BioTel Health notified patients of a vendor data breach affecting nearly 39,000 people
Data compromised includes but is not limited to SSNs, medical records, and contact information
BioTel Heart is offering two years of credit monitoring via Equifax in response to the breach

University of Pittsburgh Medical Center, Allegheny County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
February 8th, 2021

UPMC was prompted to begin notifying patients of a potential data breach following suspicious activity
Investigations lead discovered the activity was affecting employee email systems June 2020
Bad actors were able to log into a number of employee email accounts gaining access to more than 36,000 patients' information

eResearch Technology, Philadelphia County

Breach Type – Unknown, Ransomware

Fierce Biotech
October 6, 2020

Philadelphia company which sells software for clinical trials was hit by ransomware attacked according to the NYT slowing down trials for COVID-19
The company had to take its systems offline to allow for FBI and cyber security investigations
The attack forced trial researchers to track patients tests with pen and paper causing delays

Einstein Health Network, Philadelphia County

Breach Type – Hacking, Data Breach

Becker's Hospital Review
October 12th, 2020

Bad actor was able to gain access to employee email accounts between August 5th and August 17th
The incident is still being investigated by the health system and information is being reviewed
Over 1,800 individuals were affected by exposure

Independence Blue Cross, Philadelphia County

Breach Type – Hacking, Data Breach

Becker's Hospital Review
July 6th, 2020

Bad actors hacked into healthcare provider during cyberattack
Officials remained unsure if unauthorized person accessed files
Names, identification numbers, spending account balances likely accessed

Everett & Hurite Ophthalmic Association (EHOA), Alleghany County

Breach Type – Phishing, Data Breach

EHOA Public Statement
May 22nd, 2020

Employee email account used in elaborate phishing cyberattack
Dates of birth, social security numbers among stolen information
Officials began investigation and response, notified law enforcement

Crozer-Keystone Health System, Delaware County

Breach Type – Unknown, Ransomware

Coin Telegraph
June 16th, 2020

Crozer-Keystone suffered a ransomware attack from the "NetWalker" gang that is now auctioning off the stolen data
The data was accessed and from analysis it looked like there was no sensitive medical information posted
NetWalker claims that the health system never posted ransom hence why the information was posted for auction

Meadville Medical Center, Crawford County

Breach Type – Unknown, Malware

Meadville Tribune
March 28th, 2020

Medical center network was disrupted during midst of Covid-19 pandemic
Health records and email systems were affected by the unknown malware
Patient care remained unaffected, and no delays were reported

Meadville Medical Center, Crawford County

Breach Type – Hacking, Data Breach

Meadville Tribune
January 30th, 2020

Bad actors likely accessed private information for employees and dependents
Officials believed patient information remained intact and wasn't accessed
Federal authorities assisted IT team investigations for the breach

Geisinger Health Plan, Montour County

Breach Type – Phishing, Data Breach

HIPAA Journal
October 24th, 2019

Pennsylvania health center was victim of phishing cyber attack
Bad actors accessed and stole personal information
Officials believed attack was to access email accounts

Ellwood City Medical Center, Lawrence County & Beaver County

Breach Type - Unknown, Malware

Ellwood City Ledger
June 5th, 2019

It was announced that the attack, determined to be a virus, had finally been contained
There is no signs that any private patient information had been exposed or taken
Investigations are continuing in an attempt to prevent any continual occurrences and repeat occurrences

Eurofins Lancaster Laboratories, Lancaster

Breach Type - Unknown, Ransomware

Lancaster Online
June 11th, 2019

The ransomware attack lead to the compromise of several facilities causing them to be disrupted
Several employees were unable to work due to hardware being corrupted and unusable with this new variant of malware
This malware was so largescale it was able to cause disruption across several countries affecting IT systems

The May Eye Care Center & Associates, York County

Breach Type - Ransomware

Data Breaches
November 9th, 2018

May Eye Care Center’s server and electronic medical records system compromised in ransomware attack
Patient Health information and limited financial information stored on compromised server
Hackers potentially breached private information
May Eye Care Center notified the affected individuals

Children’s Hospital of Philadelphia, Philadelphia County

Breach Type - Phishing, Data Breach

Children's Hospital of Philadelphia
October 23rd, 2018

2 phishing incidents impacted operations at Children’s Hospital of Philadelphia
Unauthorized access was detected, and CHOP immediately launched investigation
Email accounts contained sensitive PHI, potentially compromising those affected

UPMC Cole, Potter Co.

Breach Type - Phishing, Data Breach

Olean Times Herald
July 17th, 2018

790 patients informed of potential PHI data breach
Two phishing attacks targeted UPMC Cole email accounts
No medical record systems breached

Women's Health Care Group of Pennsylvania

Breach Type - Ransomware

Healthcare IT News
July 27th, 2017

Ransomware infected a server & workstation at one of Women's Health Care practices
Officials isolated the infected server & workstation from the network
The health system could not determine if patient data was acquired or viewed by hackers
300,000 patients potentially affected by breach

Heritage Valley Health Systems

Breach Type - Ransomware

WPXI News
June 27th, 2017

Ransomware attack hits globally, infecting Heritage Valley Health systems in four PA counties
Implemented anti-virus software to defend against attack
Staff resorted to downtime procedures, making operational adjustments to ensure safe patient care

Pennsylvania Ambulatory Surgical Center

Breach Type - Ransomware

HIPAA Journal
July 15th, 2016

Staff members alerted their IT department when they could not access files
IT department discovered ransomware infected the servers
Restored all systems without paying ransom to hackers
Sent breach notification letters to 13,000 potentially affected individuals

Main Line Health

Breach Type - Phishing

Data Breaches
March 3rd, 2016

Employee fell victim to hack by responding to phishing scheme
Affected all personal info of Main Line employees
Main Line Health alerted IRS and FBI to pursue investigation

Education

Pennsylvania school district to stay open despite ransomware attack, Franklin County

Breach Type – Unknown, Ransomware

The Record
September 5th, 2023

“A school district in Pennsylvania kept its doors open on Friday despite announcing a ransomware attack that caused disruptions to its computer systems..”
“On Thursday, the Chambersburg Area School District published a message on its website and social media channels announcing that it had become yet another K-12 school district attacked by a ransomware gang.”
”As you are aware, we have been experiencing a network disruption affecting the operability of certain CASD computer systems. In working with various specialists, at this time we can confirm that this disruption is related to a ransomware event,” district officials said.
”The district, which is about 30 minutes away from the state’s border with Maryland and serves about 10,000 students, said all schools will open on a regular schedule on Friday.”

Possible security incident on Carlisle Area School District internet system, Cumberland County

Breach Type – Unknown, Other

WGAL.com
September 2nd, 2023

“A possible security incident involving the Carlisle Area School District's internet system is under investigation, according to an email sent Friday by Superintendent Colleen Friend.”
“This is what Friend's email said: "
”The investigation is ongoing, but, so far, the district has not found evidence that unauthorized acquisition or misuse of personal information occurred, she said."
”Dear CASD Families, Yesterday afternoon we learned of a possible security incident on our internet system. In an abundance of caution, we have shut down our internet system until it can be fully investigated. There is no known safety threat to our schools, students, or staff; however, we will be operating without internet in the school district today. Our phones are fully functional, and our website is up and running.”

Ransomware attack hits Lebanon schools, Lebanon County

Breach Type – Unknown, Ransomware

VNews.com
June 29th, 2023

“The Lebanon School District was hit by a ransomware attack earlier this month, according to outgoing Superintendent Joanne Roberts.”
“After learning of the June 15 attack, the district engaged “outside cybersecurity experts” to help secure its systems and investigate the nature and scope of the attack, Roberts wrote in a Wednesday email. Out of caution, the district shut down systems such as payroll and PowerSchool, a database used to manage student information."
”The investigation is ongoing, but, so far, the district has not found evidence that unauthorized acquisition or misuse of personal information occurred, she said."
”The district, which has about 1,600 students and 360 employees, also has informed staff, parents, as well as the district’s insurance carrier, the U.S. Department of Education and local and federal law enforcement agencies of the attack. It will continue to provide updates as the investigation progresses, she said.”

PENNCREST School District dealing with ransomware attack, Crawford County

Breach Type – Unknown, Other

DataBreaches.net
May 2nd, 2023

”Over the weekend, the PENNCREST School District became aware of a situation, believed to be a ransomware event, which has disrupted certain aspects of our operations.”
”We quickly took steps to implement our Cybersecurity Incident Response Plan. Following our plan, we shut down and disconnected the entire network and technology infrastructure.”
”We are now working diligently with external cybersecurity specialists to conduct a thorough forensic investigation into the nature and scope of the event and to securely restore operations.”
”At this time, we have not identified evidence of any data loss, data access, or data theft as a result of this event.

Tech School 'Prevented Catastrophe' with Antivirus, Backup, Luzerne County

Breach Type – Unknown, Ransomware

GovTech
March 11th, 2023

“Wilkes-Barre Career and Technical Center in Pennsylvania reportedly thwarted a cyber attack this week with backup procedures and by shutting down its network, resorting to remote instruction."
“Computer crews were working inside the building making sure computers were not infected, and cell phones and laptops were not infected.”
”The server that was attacked had payroll data for the school and some of the school's member school districts, but all employees are expected to be paid Friday because the data was backed up on a cyber cloud.”
”Guariglia suspects the school was the victim of a ransomware attack, but he said he is not aware of anyone receiving an email demanding a cryptocurrency ransom.

Ransomware attack takes Corry school district offline, Erie, Warren and Crawford Counties

Breach Type – Unknown, Ransomware

The Corry Journal
October 18th, 2022

“Some Corry Area School District servers were rendered useless after the school district's network was attacked by ransomware over the weekend. All schools in the district were operating on a two-hour delay for students today to give teachers additional time to plan lessons without the use of technology as the ongoing fallout from the attack continues to impact internal operations of the district.”
"The first thing we did was made sure the attack was mitigated," CASD Technology Director Andrew Schmidt told The Corry Journal this morning. "We made sure that personal information, student information and faculty information was not accessed as that is not housed here. It is housed off site with third-party vendors, so we assured that was safe.” “For this resident, the city determined files impacted by the breach contained their Social Security number, name, and date of birth.”
”The attacker did not communicate how much was being sought from the school district, which did not pay anything in response to the ransomware, according to Schmidt. "No, we didn't even engage with the actors," he said. "We did not communicate with them." When asked how this happened, Schmidt responded, "We're still investigating."

Mars k-12 district in Pennsylvania victim of ransomware attack; data leaked, Butler County

Breach Type – Unknown, Ransomware

Data Breaches
October 12th, 2022

“According to niche.com, MASD is a k-12 district with 3,334 students. In a notice posted on the district’s website on October 3, Superintendent Gross described the progress the district was making in recovering from a ransomware attack they originally disclosed on September 27. In their earliest announcement, the district had indicated that it did not have access to e-mail or to the District’s Internet network, but the phone system was unaffected and that schools would remain open as they worked through the recovery. They had also announced, “at this time, there is no evidence that student or employee records were compromised or at risk.”
”As of October 3, the investigation was still in its early stages, and they no longer stated that there was no evidence of student or employee records being compromised. In that update, they wrote, “The District will give appropriate notice to those affected, in accordance with applicable data protection obligations, once we have completed our forensic review.” A preliminary review by DataBreaches of the data leaked by Vice reveals that a lot of old files, some with personal information, have been dumped on the internet for anyone to download.”
“Of special note: a file with personnel information from 2016-2017 contains information on more than 350 employees with their Social Security Numbers, first and last names, date of birth, work and personal email addresses, and phone numbers. No databases were noted in DataBreaches’ preliminary review, but a number of individual records on employees and students revealed sensitive information on named individuals. As a few examples, DataBreaches noted:”

Ringgold Student Data Leak Revealed, Washington County

Breach Type – Unknown, Data Breach

Observer
September 7th, 2022

"Some student data was leaked via email last week, Ringgold School District announced Monday."
"Upon learning about the accidental release of student data at one of our schools, the district immediately retracted the email from anyone who had not yet opened it."
"Distribution of the erroneous email was not distributed outside of that one school’s family community,” Randall said. “In addition, we have added a series of safety steps to ensure a human error of this nature does not occur again."

Moon Area School District investigating 'cyber incident' disrupting computer systems, Lamoille County

Breach Type – Unknown, Malware

WPXI Channel 11 Pittsburgh
August 12th, 2022

"A local school district is working to investigate and resolve a disruptive cyber “incident” impacting operations just days before the start of the school year."
"We recently began experiencing a cyber incident that has encrypted some of our systems, resulting in a disruption to certain computer systems and operations."
"We are working diligently with third-party specialists and government authorities to investigate the source of this disruption, confirm its impact on our systems, and restore full functionality to our environment and operations as soon as possible.”

Superintendent speaks out about cyber security incident at Altoona Area School District, Blair County

Breach Type – Hacking, Malware

WJAC TV
March 11th, 2022

"Back in early December of last year the school had an attack on their "routing server" after which they started working with a high-end security software on all of the district servers."
"This week district administration was contacted by employees saying they had been informed by their credit monitoring services that their social security numbers or medical identification numbers were found on fraudulent trading websites on the dark web."
"The hackers posted on a dark website 10 gigabytes of information that also included students' birth dates and addresses, which were already public information."
"The district will be providing employees with "up to" two free years of data security and protection coverage as well as giving out new medical identification cards to their staff."

Authorities investigate ransomware attack in Fleetwood ASD, Berks County

Breach Type – Unknown, Ransomware

WFMZ
March 4th, 2022

" Officials at a school in Berks County said their computer systems were attacked by ransomware."
"there is no threat to the safety of students or staff and that the systems containing student and financial information are housed off-site and have not been affected."
"The district is still working with local law enforcement and the FBI during their investigation."
"Currently, this event is still resulting in a disruption to the technology systems of the district."

Harmony's computer system recovering from cyber attack, Clearfield County

Breach Type – Unknown, Malware

The Progress News
February 2nd, 2022

“Harmony Area School District is recovering from a cyber-attack to the district’s computer network.”
“…The district’s system was recently hacked”
“Some things remain to be fixed,” he said, adding, “But for the most part we are back up and running.”
“…estimated the cost at approximately $5,000, which included expenses for a security upgrade to the system’s hardware.”

Cyber Attack on Pennsbury's Computer System Reported, Bucks County

Breach Type – Hacking, Data Breach

Patch.com
January 24th, 2022

"The Pennsbury School District has announced that their computer systems suffered a cyber attack on Sunday."
"their internet security monitoring service found a data breach in their systems, which was immediately worked on to mitigate the issue."
"No pertinent information regarding students or staff was leaked during the breach. However, the breach will impact email communications and students who are learning remotely."

Butler Community College closes for 2 days after cyber attack, Butler County

Breach Type – Unknown, Ransomware

Pittsburgh Post Gazette
November 29th, 2021

"Butler County Community College has closed its main campus and canceled remote classes, online credit classes and noncredit courses due to a ransomware attack"
"… the closures will affect classes Monday and Tuesday as the school “restores databases, hard drives, servers and other devices affected by a ransomware attack.”
“its information technology division “noticed widespread technical difficulties,” and officials believe the attack originated on Nov. 19. Since then, the IT staff “have worked extensively over the holiday break to address the issue,”

Millersville University, Lancaster County

Breach Type – Unknown, Malware

MSN
March 3rd, 2021

A public statement released noted that the university had received an external attack on systems
The identifiable information on systems has been encrypted since 2019
Due to security techniques the university believes the data has not been compromised

Fox 43
March 18th, 2021

The university president announced in a campus-wide email that some student's information was exposed
Affected individuals will be given notice and resources in accordance with state law

Juniata College, Huntingdon County

Breach Type – Phishing, Data Breach

Data Breaches
December 21st, 2019

Officials uncertain if bad actors gained access to confidential information
Possible leaked data includes bank, passport, and medical information among others
Statement was released about incident and steps for individuals to take

Wyoming Area School District, Luzerne County

Breach Type – Unknown, Ransomware

The Citizen’s Voice
October 1st, 2019

School district forced to pay $38,000 ransom to bad actors
Officials believed the attack originated in Iran or India
Payment likely encouraged other bad actors

Wallenpaupack Area School District, Pike & Wayne Counties

Breach Type – Unknown, Ransomware

Neagle
September 19th, 2019

School district attacked second time this year, led to shutdown of 3,000 computers
Officials with the school confirmed they had been hit with ransomware
Superintendent advised that no personal information had been leaked in the attack

Ridgway Area School District, Elk County

Breach Type – Unknown, Ransomware

Brad Fordera
August 10th, 2019

The district suffered a virus attack but no data had been compromised
Files were encrypted as the virus spread on the servers, no confidential data was accessed
Extra help was requested to ensure the school year starts as normal

Newport School District, Perry County

Breach Type - Phishing, Malware

Penn Live
March 30th, 2019

Computers were infected by a virus that came through an email
The virus was hidden among a marketing scheme compromising staff information
It took several weeks to fix and no student information was compromised

Franklin Regional High School

Breach Type - DDoS/Other

Bleeping Computer
November 25th, 2016

Student purchased BetaBooter, an IP stressing platform, to launch DDoS attacks on high school
Attacks targeted Franklin Regional - affecting over a dozen school districts on shared server infrastructure
DDos interrupted the network from 10-45 minutes every time

Pennsylvania Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in
9-1-1 Cyber News?

Follow Us!

Pennsylvania Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in9-1-1 Cyber News?

Follow Us!

Want the latest in
9-1-1 Cyber News?