DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Arizona Asthma and Allergy Institute Provides Notice of Maze Attack in 2020

Posted on June 11, 2021 by Dissent

An incident initially reported to HHS on May 3 has been updated to 70,372 patients from the initial report of 50,000.  The following is the entity’s notice on their web site, and after you read it, I’ll meet you on the other side to explain it more, because they only discovered the breach when DataBreaches.net contacted them. 


10/1/2015 – 6/15/2020

Arizona Asthma and Allergy Institute Provides Notification of Data Security Incident

Peoria, AZ – Arizona Asthma and Allergy Institute (“Institute”) announced today a data security incident that may have impacted limited protected health information belonging to Institute patients. The Institute takes the privacy and security of all information very seriously.

The Institute learned that certain data made publicly available under the name of a different organization for a brief period in September 2020, and may have included Institute data. Upon discovery, the Institute immediately began investigating, with the assistance of a third-party forensic security firm, to determine the scope of this incident. Based on this investigation, the Institute confirmed on March 8, 2021, that the available data included limited information related to Institute patients that received services between October 1, 2015 and June 15, 2020.

The personal information available included individuals’ first and last name in combination with their patient identification number, provider name, health insurance information, and treatment cost information. It is important to note that the Institute has no evidence to suggest that any personal information has been misused. Nonetheless, out of an abundance of caution, the Institute is providing notice to those affected individuals. The notices include information about this incident and about steps that potentially impacted individuals can take to monitor and help protect their information. The Institute takes the security of all information very seriously and has taken steps to enhance security measures to help prevent a similar occurrence in the future.

The Institute recommends that individuals remain vigilant in regularly reviewing and monitoring their explanation of benefits statements to guard against any unauthorized transactions or activity. The Institute has established a dedicated assistance line to address any questions individuals may have which can be reached at 855-654-0915, Monday through Friday, 7 a.m. to 7 p.m. Mountain Time. The Institute may also be contacted by mail at 13965 N 75th Ave, Peoria, AZ 85381.


Some additional details on this incident from DataBreaches.net’s files:

This incident was actually a ransomware attack by Maze threat actors that was posted to their dedicated leak site in 2020 as belonging to “Medical Management Inc.” or “MedMan.com.” The exact date it was first posted is not known to DataBreaches.net, but it was up longer than just a “brief period in September,”  because in November, this site wrote again to medman.com to inquire about it. Then in January, when DataBreaches.net wrote an article about “Without Undue Delay,” an astute reader reached out to alert me that “MedMan” was the wrong attribution and that the data appeared to come from Arizona Asthma & Allergy Institute. And so on January 5, 2021, DataBreaches.net reached out to them.

They responded promptly, and DataBreaches.net provided them with a copy of the data dump that consisted of about 270 mb (compressed) of billing and insurance claims data, including EDI. The data dumps had been available on both Maze’s dark web and clear net leak sites.

So it appears that Arizona Asthma & Allergy had not detected any breach of their system in 2020 until DataBreaches.net contacted them in January, 2021 but then they pursued their investigation and notified HHS and patients.

Maze closed up shop months ago. But who wound up with their data and what is being done with it? The fact that the dump from Arizona Asthma & Allergy Institute is no longer available on Maze’s leak site is not any real reassurance that it is still not at some level of risk, although the data types do not readily lend themselves to some kinds of misuse.

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
  • Atlanta Allergy & Asthma first mails notices to patients; data was dumped back in March
  • U.S. medical entities fall prey to Pysa threat actors, but many haven’t disclosed it – at least, not yet.
Category: Commentaries and AnalysesHealth DataOf NoteU.S.

Post navigation

← In: Health Ministry Refutes CoWIN Data Leak Claim, Initiates Investigation
Healthcare entities in Saudi Arabia, Illinois, and Mississippi fall prey to Xing Team →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.