PHI of 9,800 Atlanta Allergy & Asthma Patients Compromised in Ransomware Attack

Atlanta Allergy & Asthma has begun sending notifications to 9,851 patients regarding a January 2021 cyberattack whereby their protected health information (PHI) was exposed and possibly breached. Atlanta Allergy & Asthma stated its investigation into the incident established that hackers got access to its system from January 5 to January 13, 2021. Upon uncovering the breach, action was quickly taken to take out the unauthorized people from its network and minimize any possible harm.

Atlanta Allergy & Asthma involved third-party cybersecurity experts to establish the nature and extent of the breach, with the investigation affirming that the attackers acquired access to areas of the network where records were saved that contained PHI.

A thorough evaluation was done of those documents. Atlanta Allergy & Asthma stated it was affirmed on July 8, 2021 that these types of data were possibly exposed: Names, birth dates, financial account numbers and/or routing numbers, Social Security numbers, diagnoses, treatment data and costs, types of procedure, treatment area, dates of service, names of provider, patient account numbers and/or medical insurance details.

Atlanta Allergy & Asthma mentioned it isn’t informed of any attempt or actual patient information misuse due to the breach. Beginning on August 20, 2021, the provider mailed notification letters to the impacted persons to advise them to the compromise of their patient records to enable them to do something to safeguard against identity theft and fraud, which include getting credit monitoring and identity protection services that are being given totally free to affected patients.

Atlanta Allergy & Asthma mentioned it continually assesses its cybersecurity procedures and internal controls and is going to be doing something to improve the security and privacy of patient information.

Atlanta Allergy & Asthma didn’t divulge the precise nature of the attack in its breach notification letter; nevertheless, acquired proof that this was a ransomware attack done by the Nefilim ransomware threat gang, and that sensitive information was taken in the attack. A few of the stolen information included patient data and 2GB of stolen files were put on the Nefilim data leak website in March 2021.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at