Asheville, N.C.-based Allergy Partners released more details of a January ransomware attack on its computer network, which exposed more than 1,000 patients' info, according to a May 17 notice.
Allergy Partners began bringing most of its computer systems back online in March after the ransomware attack, which ran from Jan. 12 through Feb. 23. Hackers infected the clinic's systems with ransomware and demanded $1.75 million in exchange for giving the clinic back its access to its encrypted data.
Allergy Partners reported the incident to HHS as affecting 1,087 individuals. While the clinic's systems were compromised, the hackers deployed malware and acquired copies of some of the patients' information, Allergy Partners said.
Patient information exposed by the incident included names, Social Security numbers, birthdates, health insurance details, financial account numbers and treatment details.
Allergy Partners, which has several clinics across 20 states, is offering free credit monitoring and identity protection services to any patients affected by the incident.