Atrium Health is a not-for-profit healthcare and wellness provider operating in North and South Carolina for a number of hospitals, emergency departments, and healthcare programs. Unfortunately, they underwent a data breach by their third party billing company.
Compromised Personal Data
“One record accessed is one too many,” Atrium Health stated.
Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, social security numbers, medical record numbers, and account balances.
Financial information such as credit card numbers remains to be secured and intact. The organization is keen to emphasize that while the records were accessed without permission, “our forensics reports indicate the [user] was not able to actually download or remove the files.”
Third Party Firm -> AccuDoc
The compromised servers were managed by AccuDoc, separate from the Atrium Health’s systems. The third-party firm mailed bills to Atrium patients and provided web services for the hospital system, such as patient portals.
AccuDoc informed Atrium Health of the breach on October 1st. Immediately, the billing vendor cut off the unauthorized access point and hired a cyberforensic firm to investigate the database security.
The firm found that a hacking incident that involved a compromised system of an AccuDoc vendor which led to the exposure of Atrium’s data.
“AccuDoc continues to monitor its systems for any additionally related activity,” the companies said. “Atrium Health also reviewed its security safeguards and system activity, as well as engaged its own nationally recognized forensic investigative firm to conduct a thorough independent review of the incident.”
Both AccuDoc and Atrium Health have informed the FBI. No evidence of data misuse was found, but out of caution, Atrium Health is contacting all patients and guarantors involved in the breach.
Patients who think they may be affected can visit www.krollfraudsolutions.com/accudocincident/. Individuals who may be affected can also call 833-228-5726 for more information.
Original Article Found Here.