A data breach at one of Pennsylvania’s largest health networks has sparked safety concerns and questions regarding why it took several months for patients to be notified.
The Women’s Health Care Group of Pennsylvania, which is based in Oaks, Pennsylvania but has 45 offices serving women in Montgomery, Chester and Delaware Counties, sent a letter to patients this month informing them that hackers had stolen their information. That information included patient names, birth dates, social security numbers, pregnancy histories, blood type information and medical diagnoses.
“Once the information is out there, it’s out there,” said Kevin Hyde, a cyber security expert with Layer 8 Security. “There’s no getting it back. There's no pulling it back in."
Breaking news and the stories that matter to your neighborhood.
Hyde told NBC10 hackers can sell medical records on the dark web in bulk.
“So the information that’s captured is highly dangerous, highly sensitive information,” he said.
Chris Higgins, whose wife is a patient with the Women’s Health Care Group, emailed NBC10 after receiving a letter from the medical office detailing what was stolen.
“If a doctor’s office I think is going to ask for this type of information, you really feel like it should be encrypted as best as possible,” Higgins said. “It was a little infuriating for my wife and I.”
According to the letter, the information was stolen in January but they didn’t discover it was stolen until May and patients weren’t notified until July.
“It concerns me it took them that long,” Higgins said.
The Women’s Health Care Group of Pennsylvania filed a report with the FBI. They also told patients they are offering a year of identity protection. NBC10 reached out to the group who told us they have “no comment.”