| Business

Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Uniontown Hospital among cyberattack targets

Courtesy Photo The new main entrance to Uniontown Hospital.

Email Newsletters

Click here to sign up for one of our email newsletters.

On the Grid

From the shale fields to the cooling towers, Trib Total Media covers the energy industry in Western Pennsylvania and beyond. For the latest news and views on gas, coal, electricity and more, check out On the Grid today.

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

Tuesday, Feb. 26, 2013, 9:01 p.m.

The hacking group Anonymous says it accessed computers at Uniontown Hospital and posted online information that includes names, phone numbers, street addresses and email addresses for doctors and people who signed up for a hospital newsletter.

With big name companies such as Burger King, Jeep, Apple and Twitter coming forward in recent days to say they've been hacked, it's easy to forget that smaller targets are at risk.

The 224-bed Uniontown Hospital is Fayette County's top private employer, with a medical staff of about 200 and an annual budget of about $140 million.

The breach occurred two years ago, James Proud, the hospital's vice president of human resources and marketing, told the Tribune-Review on Tuesday. He said the information posted did not include medical records or more personal information such as Social Security numbers or credit card numbers. The hospital fixed the problem but cannot stop hackers from sharing the information.

“We're aware of it,” Proud said. “We fixed it. ... There is no penetration now.”

But a data breach blogger who volunteers for the Open Security Foundation, a Virginia nonprofit that looks for hacks and alerts those affected by breaches, said the Uniontown Hospital data was posted in December.

Soon after, links to the data appeared on social media sites and websites used by hackers and computer security experts who try to identify breaches. When the hospital did not respond to warnings, the blogger — who asked not to be identified to be protected from attack — reached out to the Trib out of concern for the affected people.

The information that was taken is “not benign” because it could be used for spear-phishing attacks in which criminals use a few details to trick victims into divulging more, said Eric Chapman, deputy director of the Maryland Cybersecurity Center at the University of Maryland. But the theft is not as serious as if the hackers had accessed bank information or more personal data, he said.

The bigger concern is that these sorts of attacks happen regularly at organizations big and small, he said.

“It seems like that's becoming a mainstream sport,” Chapman said. “That's troubling. It's certainly up for debate whether they're doing something for the public good.”

As soon as databases of any kind go online, attackers start looking for targets of opportunity, said Kevin Kjosa, assistant director of the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio.

“I am not surprised at all,” he said. “The idea of a small hospital being attacked is unfortunately going to become more common.”

Several people whose data was posted online said they had not been contacted by the hospital.

Notification wouldn't have made any difference, said Mary Ann Ealy, 51, of Waynesburg. She keeps close track of her bills and the email address that was posted has been out of use since 2011. Still, she remains suspicious about the Web.

“The Internet is the failure of our country, I believe,” she said. “There's too much information out there for people.”

Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or

Add Andrew Conte to your Google+ circles.

Subscribe today! Click here for our subscription offers.




Show commenting policy

Most-Read Business Headlines

  1. Cost-cutting at Kraft Heinz extends to refrigerator
  2. Kennametal expects to consolidate plants as it shrinks manufacturing in continuing streamlining; profit drops
  3. GNC to convert more stores to franchises as sales, profits slip
  4. Invasive beetle costs Pittsburgh-area power companies plenty
  5. Muni bond funds stressed
  6. U.S. asks Supreme Court to reinstate convictions of portfolio managers who won on appeal
  7. Home rental prices jumped again in June
  8. Range Resources cuts workforce 11%
  9. PPG puts brand 1st in strategy to reach commercial paint market
  10. Economy’s 2Q best since last year
  11. Travelers find direct Web route to Priory’s spirited past in North Side