AIDS Alabama, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
AIDS Alabama, Inc. (AAI) experienced a data breach that occurred between October 11th, 2021, and August 9th, 2022, but was only discovered around August 14th, 2023. AAI serves over 8,000 Alabama residents, providing emotional and medical support, housing, food, and education on substance abuse and prevention. The breach notification indicated that an unauthorized actor gained access to AAI’s internal network, leading to the exposure of patient information. The specific details accessed include patients’ names, addresses, contact details, Social Security Numbers, medical diagnoses, health insurance information, healthcare providers, and services received[1].
The breach was reported to the Health and Human Services’ Office for Civil Rights as affecting 1,922 individuals. AAI began notifying affected individuals on September 22nd, 2023. The potential consequences of the breach are significant, as the exposed information could lead to identity fraud, medical fraud, and other risks such as stalking. AAI has not disclosed the identity of the assailants or their motives, and it is unclear how the stolen data might be used[1].
In response to the breach, AAI started an investigation with cybersecurity experts and notified patients. Affected parties are advised to hire identity monitoring services and be cautious with their personal information. Medical ID monitoring services are also recommended to detect any suspicious activity related to healthcare information[1].
The breach at AIDS Alabama, Inc. is a serious incident given the sensitivity of the information involved and the potential for misuse of the exposed data. It highlights the importance of robust cybersecurity measures and the need for prompt action and transparency when such incidents occur.
Citations:
- https://www.idstrong.com/sentinel/aids-alabama-announces-breach/
- https://www.aidsalabama.org
- https://www.idstrong.com/sentinel/acer-computer-giant-hit-hard-by-revil-ransomware—50-million-ransom/
- https://www.hipaajournal.com/cook-county-health-cyberattack-medical-transcription-firm/
- https://www.idstrong.com/sentinel/las-vegas-hospital-suffers-a-data-breach/
- https://www.law.ua.edu/pubs/lrarticles/Volume%2049/Number%203/grill.pdf
- https://breachdata.topwords.me/states/AL?limit=20&offset=0&sort=entity_name
- https://privacyrights.org/sites/default/files/pdfs/Data%20Breach%20Notification%20Laws%20in%20the%20United%20States%202022.pdf
- https://www.alabamapublichealth.gov/hiv/assets/security_confidentiality_policy.pdf
- https://projects.propublica.org/nonprofits/organizations/581727755/201723179349302192/full
- https://www.identityforce.com/blog/2018-data-breaches
- https://nanclement.com/jmp_nc.pdf
- https://breachdata.topwords.me/states/AL?limit=20&offset=0
- https://labor.alabama.gov/wc/benefits.aspx
- https://www.aidslawpa.org/victories/litigation/alabama-doe-and-indiana-doe-v-gilead-sciences-inc/
- https://bergermontague.com/cases/gilead-hiv-medication-privacy-breach-class-action-lawsuit/
- https://www.samhsa.gov/grants-awards-by-state/AL/discretionary/2018/details?page=2