PHI of 9,800 Atlanta Allergy & Asthma Patients Exposed in Cyberattack

Atlanta Allergy & Asthma has commenced informing 9,851 patients concerning a January 2021 cyberattack wherein their protected health information (PHI) was exposed and likely breached. Atlanta Allergy & Asthma reported its investigation into the incident confirmed that hackers got access to its system between January 5 and January 13, 2021. Upon finding out about the breach, the provider took action promptly to remove the unauthorized people from its network and offset any probable harm.

Atlanta Allergy & Asthma employed third-party cybersecurity specialists to find out the nature and magnitude of the breach, with the investigation establishing that the attackers acquired access to segments of the network where documents were kept that included PHI.

A detailed analysis was performed of those documents. Atlanta Allergy & Asthma stated it was established on July 8, 2021 that these types of information were potentially compromised: Names, dates of birth, financial account numbers and/or routing numbers, Social Security numbers, diagnoses, treatment data and costs, procedure types, treatment site, dates of service, provider names, patient account numbers and/or health insurance details.

Atlanta Allergy & Asthma stated it’s not advised of any attempt or actual patient data misuse due to the breach. Commencing on August 20, 2021, the provider sent notification letters to the impacted persons to forewarn them of the exposure of their patient records to make it possible for them to take action to secure against identity theft and fraud, such as obtaining credit monitoring and identity protection services that are being provided cost-free to affected patients.

Atlanta Allergy & Asthma mentioned it consistently measures its cybersecurity strategies and internal controls and is going to be taking action to boost the security and privacy of patient records.

Atlanta Allergy & Asthma’s breach notification letter did not reveal the particular nature of the cyberattack; nonetheless, got information that this was a ransomware attack conducted by the Nefilim ransomware threat group and that sensitive files were ripped off in the attack. A number of the stolen information comprised patient data and 2GB of stolen records were left on the Nefilim data leak webpage in March 2021.