Atlanta Allergy & Asthma (AAA) began informing 9,800 patients on August 25 of a cyberattack that resulted in PHI being deleted from the management infrastructure in January.
On January 5 and January 13, 2021, AAA discovered unusual activities on its network. The supplier found that PHI was taken from its system in July after a comprehensive examination.
Real names, birth certificates, Social Security numbers, diagnosis, treatment information and charges, physician lists, banking details, therapy site, dates of treatment, and client health insurance data were among the information that was deleted.
The notice noted, “To date, AAA does not know of any allegations of identity fraud or inappropriate use of any data as a direct result of this event.”
Individuals who are affected should sign up for free credit monitoring services, set a fraud warning on their credit reports, and keep an eye out for unusual activity, according to the statement. The notice went on to say, “AAA is dedicated to protecting the privacy of personal information in its control and has taken several steps to do so.”
“To improve the security and privacy of personal information, AAA constantly reviews and adjusts its policies and internal controls.”
With 17 sites around Atlanta, GA, AAA is the biggest allergy group in the region. In the healthcare industry, data breaches like this one are becoming almost everyday occurrences, posing a risk to patient care coordination and safety. During COVID-19, the healthcare industry experienced a significant surge in data breaches.
In mid-August, Memorial Health System, which has sites in West Virginia and Ohio, experienced a cyberattack that resulted in appointment delays and emergency department diversions. Clinical and financial activities were also interrupted as a result of the hack.
In mid-June, another attack on University Medical Center (UMC) in Las Vegas revealed patients’ and employees’ PHI. Patient treatment was not affected by the occurrence. HHS issued a unified cybersecurity alert in late 2020 due to the increasing frequency of cyberattacks.
Many healthcare organizations, however, are still unprepared for cyberattacks. According to a recent poll, many hospital IT teams do not prioritize cybersecurity investments, and the majority of hospitals are vulnerable to some of the most prevalent vulnerabilities.
Although hospitals may patch machines, train workers, and enable two-factor authentication, the responsibility does not fall solely on them. Cyberattacks are becoming more common, and the federal government is taking note.
Early this year, President Biden issued an executive order aimed at strengthening the nation’s cybersecurity infrastructure and ensuring supply chain security.
The Government Accountability Office (GAO) performed a study in June that revealed a substantial lack of clearly defined roles and duties within HHS’ security divisions, which might have resulted in insufficient cybersecurity efforts.