Aviacode

Aviacode operates as a medical coding services provider, functioning under the ownership of GeBBS Healthcare Solutions as a subsidiary entity. The company's core business involves delivering specialized coding services within the healthcare sector, a critical function for medical billing, reimbursement, and health records management. Its operational focus is situated within the United States, aligning with its headquarters location. The nature of its services inherently requires the processing and safeguarding of sensitive data, including personnel and financial information for its workforce and contractor network, as evidenced by the types of records compromised in a major security incident.

The organization's public profile and operational scale are not detailed beyond its subsidiary relationship and service specialization. A defining and publicly documented characteristic of Aviacode is its involvement in a significant cybersecurity incident in early 2023. The ransomware group 0mega claimed responsibility for exfiltrating and publishing approximately 200 gigabytes of the company's internal data. This breach exposed extensive personal and financial information of employees and contractors, such as Social Security numbers, dates of birth, payroll records, tax documents including W-2s and 1099s, background checks, and credentials, with some files containing reused default passwords. While the attackers alleged they had encrypted systems and gained administrative access, Aviacode did not publicly acknowledge the attack nor engage in negotiations. The incident did not involve confirmed protected health information, but the volume of personal identifiers exposed likely triggered individual and regulatory notification obligations under various state breach notification laws. The attackers publicly criticized Aviacode's incident response, alleging internal mismanagement and a lack of technical competence, which stands as a notable point regarding the company's cybersecurity event handling.