Cyber Incident Victim: Atlanta Allergy & Asthma
Date: Mar 2021
Location: United States of America
Summary
Atlanta Allergy & Asthma, a large allergy practice, was targeted by Nefilim ransomware threat actors who stole sensitive patient data and threatened to release approximately 19GB of files unless extortion demands were met. The attackers leaked a sample of 1.3GB of compressed data containing protected health information spanning multiple years, including insurance records, outstanding claims, and detailed patient audits affecting thousands of individuals. The compromised files comprised billing documents, electronic remittance details, and multi-page case reviews, with the threat actors publicly listing the organization on their Dark Web leak site to pressure payment; the entity did not publicly respond to inquiries about the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around March 3, 2021, Atlanta Allergy & Asthma (AA&A), a medical practice specializing in allergy and asthma treatment across 17 locations, experienced a ransomware attack attributed to the Nefilim threat actor group, also known as Nemty. The attackers compromised AA&A's systems and exfiltrated sensitive data, subsequently listing the organization on Nefilim's dedicated Dark Web leak site. This listing included a preliminary data sample intended to pressure the practice into meeting extortion demands. The threat actors claimed possession of approximately 19GB of the entity's files, threatening to release the full dataset if payment was not made.

The compromised data included 1.3GB of compressed files, expanding to 2.5GB upon extraction, containing 597 files with protected health information (PHI) pertaining to thousands of identifiable patients. Exfiltrated records spanned multiple years, including billing spreadsheets categorized by insurance type and unresolved claims from 2017 and 2018 stored in an "Electronic Remits" folder. Over 100 patient audit files—detailed, multi-page case reviews—were also among the stolen data. The breach exposed sensitive clinical and financial information, creating significant privacy risks for affected individuals. AA&A did not publicly acknowledge the incident or provide details about its response at the time of initial reporting, as no reply was issued to media inquiries regarding mitigation efforts, operational impacts, or patient notifications. The attackers' publication of sample data confirmed the compromise but left the full scope of organizational consequences undocumented in available sources.
