Allegheny Health Network Data Breach
Allegheny Health Network Integrated Health System Breach (2025): 194K Contact Records Exposed
Integrated healthcare delivery system.
Risk Interpretation
Severe risk. Exposure enables identity theft, medical fraud, insurance abuse, and targeted scams exploiting care relationships or treatment status.
Impact & Downstream Threats
The institutional impact on AHN is substantial because the underlying IntraSystems incident affected a large share of AHN's home-care patient base. Federal HIPAA notification obligations, an Office for Civil Rights review, multistate attorney-general filings, and class-action litigation are all underway. The vendor-pathway nature of the breach raises broader supply-chain governance questions for AHN's procurement and security functions. The Highmark Health parent enterprise has had to manage rep
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
Allegheny Health Network Home Medical Equipment (AHNHME) publicly announced a data breach in April 2025, following a related disclosure earlier the same year covering the broader Allegheny Health Network home-care patient population. The underlying intrusion occurred at IntraSystems LLC, a third-party IT vendor managing servers for AHN's Home Medical Equipment and Home Infusion subsidiaries. Unauthorized access to those systems took place between October 11 and November 19, 2024 and was discovered on November 19, 2024.\n\nThe AHNHME-specific dataset indexed by breach-tracking services covered approximately 194,000 records. Compromised fields in the publicly indexed subset included names, email addresses, and phone numbers. The broader IntraSystems incident affecting AHN home-care patients more generally was disclosed to the Massachusetts Attorney General as compromising names, dates of birth, addresses, Social Security numbers, financial account numbers, and health insurance information for approximately 293,900 patients. AHN began notifying affected individuals on January 17, 2025 with respect to the broader IntraSystems disclosure, with AHNHME-specific notification continuing through the spring of 2025.\n\nFor affected patients, the practical risk depends on which records were involved. Patients in the AHNHME-specific publicly indexed subset face primarily phishing-and-impersonation risk from the name, email, and phone exposure. Patients in the broader IntraSystems disclosure face more severe identity-fraud and financial-fraud risk because of the Social Security number, date of birth, and financial account number exposure. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance and financial statements closely, and treat unsolicited contact referencing AHN, home medical equipment, or related services with caution.
About Allegheny Health Network
Allegheny Health Network (AHN) is an integrated healthcare delivery system based in Pittsburgh, Pennsylvania, serving patients across Western Pennsylvania, Western New York, and parts of Ohio. AHN operates fourteen hospitals along with a wide network of outpatient facilities, primary care offices, and specialty practices, and is part of the Highmark Health enterprise. The breached subsidiary, AHN Home Medical Equipment (AHNHME, ahnhme.org), provides in-home medical supplies and support services across the AHN service area, including durable medical equipment, oxygen, respiratory therapy, and home infusion. As a HIPAA-regulated healthcare operator, AHN maintains substantial volumes of protected health information across hospital, clinic, and home-care operations.
Why They Hold Your Data
Integrated health systems collect patient identity, contact, insurance, billing, appointment, and clinical records across hospitals, clinics, and administrative operations.
Recent Developments
AHN began notifying patients about a related broader incident in January 2025, when its third-party IT vendor IntraSystems LLC was found to have suffered unauthorized access between October 11 and November 19, 2024 affecting roughly 293,900 home medical equipment and home infusion patients. AHNHME then issued an additional notification round in April 2025 covering the AHNHME-specific subset of records. The Pennsylvania-based health system has continued to operate normally and has implemented additional vendor-management controls. Class-action investigations by U.S. plaintiff law firms began organizing in early 2025 following the initial IntraSystems disclosure.
Data Points Exposed
Canonical Fields
email_address, full_name, phone_number
Dark Web Verification
- Dataset containing ~194K records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: allegheny-health-network-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Allegheny Health Network
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam