DataBreaches.Net

AllyAlign notifies 76,348 members and providers of ransomware attack

Posted on March 3, 2021 by Dissent

AllyAlign Health (AAH), a Medicare Advantage special needs plan administrator, recently notified 76,348 members and providers of an attempted ransomware attack. But how successful were the threat actors? And what could the Virginia firm figure out and what couldn’t they figure out based on their investigation?

According to AAH’s notification letter, the attack occurred on November 13, and was detected on November 14. AAH considered the incident to be “discovered” on February 2.

In writing to insured members, David Crocker, AAH’s CIO, wrote that AAH had found no evidence that their information had been specifically accessed or acquired for misuse. But then there’s this:

However, due to the compromise of our network, we are notifying you of this incident. It is possible that the following information, if maintained by AAH, could have been exposed to the unauthorized third party: first and last name, mailing address, date of birth, social security number, Medicare Health Insurance Claim Number (HICN), Medicare Beneficiary Identifier (MBI), Medicaid recipient identification number (if applicable), medical claims history, health insurance policy number, and other medical information.

“If maintained by AAH”? “If?”

Why don’t they tell people exactly what information AAH did maintain on them? Isn’t that part of the point of notification under HIPAA and HITECH? The notification letter to providers had a similar structure but different data types:

first and last name, mailing address, date of birth, social security number, Council for Affordable Quality Healthcare (CAQH) credentialing information (if applicable).

So providers may or may not have had their SSN exposed and the entity isn’t even telling them whether that data was on file for them.

AAH is offering those notified credit monitoring and identity theft protection services through IDX. Maybe if people call IDX, IDX can tell them exactly what types of information AAH had on file that was potentially exposed to the threat actor(s)?

DataBreaches.net sent some questions to AllyAlign yesterday but has received no response by the time of this publication. The incident does not appear to be on HHS’s public breach tool at this time.

Update 2:47 pm. The incident now appears on HHS’s breach tool as impacting 33,932 health plan members. Given the number they reported to a state attorney general, the difference may represent the number of providers notified.

Category: Breach Incidents, Health Data, Malware, Subcontractor, U.S.
