Exploit: Hacking
Liquid: Cryptocurrency Exchange
Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.
Individual Risk: 1.835 = Severe
The data seen by researchers include what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018, and more than 100 audits including a multi-page detailed review of a patient’s case.
Customers Impacted: 9,800
How It Could Affect Your Customers’ Business Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.