Allergy Partners is committed to protecting the confidentiality and security of the information we maintain. Regrettably, this notice concerns a security incident involving some of that information.
On February 23, 2021, Allergy Partners identified unusual network activity. We immediately took steps to secure the network and began an investigation with the assistance of a computer forensic firm. On February 24, 2021, the investigation determined that an unauthorized person gained access to the network between January 12, 2021 and February 23, 2021. During that time, the unauthorized person deployed malware and acquired copies of some of the information on our systems. Over the past several months, we have been working diligently to complete the comprehensive review of all documents involved; we received the final results of this review on October 1, 2021. The review determined that for some of the individuals, one or more files reflected their name and one or more of the following: address, date of birth, health insurance information, patient account number, and/or clinical information, such as dates of service, diagnosis, or prescription information. For certain individuals, the information also reflected their Social Security number and/or financial account information. Please note, our electronic medical records system was not involved or accessed in this incident.
We are mailing letters to all individuals whose information was identified in the documents involved, which provide guidance on how they can help protect their information. We have also established a dedicated, toll-free call center to answer questions about the incident. If you have questions, please call 1-855-916-6190, Monday through Friday, from 9:00 a.m. to 6:30 p.m. Eastern Time. As a precaution, for those individuals whose Social Security numbers were identified in the documents, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected individuals review any statements they receive from their health insurers and health care providers. If they see services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of patient information. To help prevent something like this from happening again, we are continuing to regularly audit our systems for potential unauthorized activity, and are implementing enhanced network monitoring tools.