AIDS Alabama, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

AIDS Alabama, Inc. (AAI) experienced a data breach that occurred between October 11th, 2021, and August 9th, 2022, but was only discovered around August 14th, 2023. AAI serves over 8,000 Alabama residents, providing emotional and medical support, housing, food, and education on substance abuse and prevention. The breach notification indicated that an unauthorized actor gained access to AAI’s internal network, leading to the exposure of patient information. The specific details accessed include patients’ names, addresses, contact details, Social Security Numbers, medical diagnoses, health insurance information, healthcare providers, and services received[1].

The breach was reported to the Health and Human Services’ Office for Civil Rights as affecting 1,922 individuals. AAI began notifying affected individuals on September 22nd, 2023. The potential consequences of the breach are significant, as the exposed information could lead to identity fraud, medical fraud, and other risks such as stalking. AAI has not disclosed the identity of the assailants or their motives, and it is unclear how the stolen data might be used[1].

In response to the breach, AAI started an investigation with cybersecurity experts and notified patients. Affected parties are advised to hire identity monitoring services and be cautious with their personal information. Medical ID monitoring services are also recommended to detect any suspicious activity related to healthcare information[1].

The breach at AIDS Alabama, Inc. is a serious incident given the sensitivity of the information involved and the potential for misuse of the exposed data. It highlights the importance of robust cybersecurity measures and the need for prompt action and transparency when such incidents occur.

Citations:

  1. https://www.idstrong.com/sentinel/aids-alabama-announces-breach/
  2. https://www.aidsalabama.org
  3. https://www.idstrong.com/sentinel/acer-computer-giant-hit-hard-by-revil-ransomware—50-million-ransom/
  4. https://www.hipaajournal.com/cook-county-health-cyberattack-medical-transcription-firm/
  5. https://www.idstrong.com/sentinel/las-vegas-hospital-suffers-a-data-breach/
  6. https://www.law.ua.edu/pubs/lrarticles/Volume%2049/Number%203/grill.pdf
  7. https://breachdata.topwords.me/states/AL?limit=20&offset=0&sort=entity_name
  8. https://privacyrights.org/sites/default/files/pdfs/Data%20Breach%20Notification%20Laws%20in%20the%20United%20States%202022.pdf
  9. https://www.alabamapublichealth.gov/hiv/assets/security_confidentiality_policy.pdf
  10. https://projects.propublica.org/nonprofits/organizations/581727755/201723179349302192/full
  11. https://www.identityforce.com/blog/2018-data-breaches
  12. https://nanclement.com/jmp_nc.pdf
  13. https://breachdata.topwords.me/states/AL?limit=20&offset=0
  14. https://labor.alabama.gov/wc/benefits.aspx
  15. https://www.aidslawpa.org/victories/litigation/alabama-doe-and-indiana-doe-v-gilead-sciences-inc/
  16. https://bergermontague.com/cases/gilead-hiv-medication-privacy-breach-class-action-lawsuit/
  17. https://www.samhsa.gov/grants-awards-by-state/AL/discretionary/2018/details?page=2
Breach Submission Date Sep 26, 2023
Converted Entity Name AIDS Alabama, Inc.
Converted Entity Type Healthcare Provider
State AL
Individuals Affected 1,922
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes