GA: Atlanta Allergy & Asthma hit by Nefilim threat actors

Atlanta Allergy & Asthma (AA&A) proudly proclaims itself to be  the largest allergy group in Atlanta, with 17 locations. “For more than 45 years, we have been the experts in the diagnosis and treatment of allergies, asthma, food allergies, sinusitis, and immunologic diseases,” their site notes.

What their site does not note yet is that they have apparently been attacked by Nefilim (a.k.a. “Nemty”) ransomware threat actors.

As do many other threat actors, Nefilim has a dedicated leak site on the Dark Web where they post the names of victims who have not paid their ransom or extortion demands. Yesterday, AA&A was added to the site with a “teaser” in terms of some of their data.

The 1.3 GB compressed archive extracted to 2.5 GB of data consisting of 597  files with PHI on what appears to be thousands of named patients. The files are not just current or recent billing-related files: spreadsheets organized by type of health insurance, including records on outstanding claims from 2017 and 2018 were also dumped in the “Electronic Remits” folder, as were more than 100 audits, where each audit might be a multi-page detailed review of a patient’s case.

Redacted excerpt from audit
Audit files contained multi-page summaries of a patient’s records. This is a snippet from a 3-page report and was redacted by

All told, the threat actors appear to have cued up approximately 19GB of the covered entity’s files to dump if the practice refuses to pay their extortion demands. reached out to AA&A  last night requesting a comment on the attack or some statement as to how they are responding to it, but has received no reply as yet.  This post will be updated if a reply is received.


About the author: Dissent

Comments are closed.