Arizona Asthma and Allergy Institute Data Breach and Lost Exceltox Laboratories Documents

Arizona Asthma and Allergy Institute based in Peoria, AZ has found out that the protected health information (PHI) of approximately 50,000 patients was momentarily compromised on the internet and might have been viewed by an unauthorized person.

The impacted patient information was compromised for a short time period in September 2020 under another company’s name. Upon being aware of the security breach, a third-party computer forensics company investigated to find out the extent of the security breach and the severity to which patient information had been impacted.

The investigation affirmed on March 8, 2021 the exposure of the following types of information: first and last names, names of providers, patient identification numbers, medical insurance details, and treatment cost data. Impacted patients had gotten medical services from the Arizona Asthma and Allergy Institute from October 1, 215 to June 15, 2020.

Although the exposure of information was affirmed, there is no proof found that indicates the misuse of any patient information; nevertheless, impacted patients were instructed to keep track of their explanation of benefits statements for any indications of fraudulent transactions.

Since the incident, Arizona Asthma and Allergy Institute has undertaken steps to improve security to avoid the same incidents later on.

Package of Documents That Contain PHI of 4,571 Patients is Lost in Transit

Exceltox Laboratories based in Irvine, CA has informed 4,571 people regarding the likely exposure of some of their PHI.

Exceltox is a CLIA-certified lab that offers medical and toxicology testing services, such as COVID-19 testing. On February 15, 2021, Exceltox delivered a package that contains documents associated with COVID-19 tests done for patients through UPS to its document scanning provider.

Exceltox thought that the package was already received, but later found out that the package did not arrive at its supposed location. Exceltox worked together with UPS to attempt to track down the missing package however it hasn’t been found yet. Based on UPS documentation, there was an attempt to deliver the package, however the document scanning firm office was closed. The package was brought back to the depot for redelivery, nonetheless the package was not redelivered. Exceltox is still trying to find the missing package.

The paperwork in the package contains the following information: full names, addresses, telephone numbers, Social Security numbers, birth dates, genders, names of medical provider, patient IDs, collection dates, test types, names of insurance provider, insurance plan names, and group numbers and/or policy numbers.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at