- The breach occurred between September 22 and 29, 2018.
- An attacker gained access to patients’ data, which was stored in a database provided by a third-party vendor - AccuDoc Solutions Inc.
Charlotte-based Atrium Health suffered a data breach that impacted over 2 million patients. The breach occurred between September 22 and 29, 2018, after an attacker gained access to a database, provided by a third-party vendor, AccuDoc Solutions Inc. The vendor ’s database was used by the healthcare organization to store data and for billing services.
The information compromised in the breach includes patients’ names, addresses, dates of birth, invoice numbers, account balances, dates of service, insurance policy information and Social Security numbers.
Atrium confirmed that the Social Security numbers of 700,000 patients was compromised by the attacker. However, no medical records and financial information were affected by the breach.
Atrium was informed about the breach on October 1 by AccuDoc. The companies said that they are conducting an extensive investigation and have also contacted the Federal Bureau Investigation (FBI).
Investigation into the matter revealed that the hackers had only viewed the data but were unable to download or remove it. Affected locations include Atrium Health facilities and partner sites at Blue Ridge Healthcare System, Columbus Regional Health Network, New Regional Medical Center Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.
The healthcare provider said that it has started notifying affected patients. The company is also working towards enhancing the security of its infrastructures and systems. Atrium is also offering patients whose social security numbers have been compromised, free credit monitoring and identity services.
"We are notifying the patients and guarantors who may have been impacted by this incident. We take cybersecurity very seriously, and we’ve worked very hard to determine exactly what happened, and how to prevent it from happening again. The fact that even one record was accessed is one too many. Our patients expect us to keep all of their information private, which is why we took action so quickly,”Atrium said in a statement, the Charlotte Business Journal reported.