25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Tens of Thousands of Individuals Affected by AllyAlign Health Ransomware Attack

Posted By on Mar 4, 2021

AllyAlign Health, a Glen Allen, VA-based Medicare Advantage health plan administrator, has started notifying members and providers about an attempted ransomware attack that occurred on November 13, 2020.

According to the HIPAA breach notification letters sent to affected individuals, AllyAlign Health first became aware of the attack on November 14, 2020. An investigation of the incident found the systems accessed by the attackers contained members’ first and last names, addresses, dates of birth, Social Security numbers, Medicare health insurance claim numbers, Medicare beneficiary identifiers, medical claims histories, health insurance policy numbers, and other medical information.

Providers affected by the breach have been notified that names, addresses, dates of birth, Social Security numbers, and Council for Affordable Quality Healthcare (CAQH) credentialing information may have been compromised.

It is unclear exactly how many individuals have been affected by the incident. According to the breach notification sent to the Maine Attorney General, the protected health information of 76,348 individuals was potentially compromised in the breach. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 33,932 individuals have been affected. The 33,932 individuals could be members and the rest providers.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The Attorney General notification indicates the breach was discovered on February 2, 2021. This could be the date when the breach investigation was completed, and the number of individuals affected became known.

AllyAlign Health said it acted quickly to respond to the breach and engaged IT specialists to ensure the security of its network environment. Since the breach occurred, policies and procedures have been updated relating to the security of its systems and servers and information life cycle management. Notification letters were sent to affected individuals on February 26, 2021 and credit monitoring and identity theft protection services have been offered. At the time of issuing notifications, no reports had been received related to the misuse of member or provider data.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist