Penn. data breach caused by hacking of third-party vendor

A physician at Penn Highlights Brookville, a healthcare service, informed patients of a breach after an intruder accessed personal data stored on the server of a Ohio-based third-party vendor.

In mid-August, Penn Highlands Brookville discovered that a computer server containing patient information of Barry J. Snyder, MD, was compromised when a third-party intruder potentially had access to information contained on the server, according to the provider.

Data at risk include patient names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender.

“Our forensics experts cannot verify with 100 percent certainty that the data security event occurred, but Penn Highlands Brookville is providing notice to affected patients so that they may take steps to protect their identity if they feel it is necessary,” according to a notice.

Highlands Brookville has hired national security and computer forensics experts to investigate, and has taken efforts to have the third-party vendor remove and destroy the data contained on the affected server. Likewise, affected patients are receiving free identity monitoring and protection services.
 

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.