Personal Data of over 2 Million Atrium Health Patients might have been Compromised

Atrium Health announced on Tuesday (i.e. on November 27, 2018) that their AccuDoc system has been hacked and might have compromised personal information of over 2 million patients. As per Atrium Health, AccuDoc system is the billing vendor which provides billing services to the healthcare providers that includes Atrium Health.

Atrium Health only reveal about the breach after the law enforcement investigation was done, and they identified who were impacted by the breach. The company said that the estimated 2.65 mn people all across the country will receive letters; and free credit monitoring as well as identity protection services will be offered to those people where the social security numbers was involved.

Ken Perkins, General Counsel of AccuDoc, said that it all began when a patient of Atrium reported that he/she is facing trouble while paying the bill online. Only thereafter, AccuDoc had realized that the system was breached and began investigating.

Perkins said that the 13-year-old company is facing a cyberattack for the first time. The hackers have gained access to the databases of AccuDoc in between September 22, 2018, and September 29, 2018. For gaining access, the hackers hacked one of the vendors ProWord, whom AccuDoc has fired after the incident. On October 1, 2018, the breach was informed to Atrium Health by AccuDoc.

As per the investigation that was carried out, Atrium Health thinks that the hackers might have accessed information like first names, last names, addresses, dates of birth, insurance policy information, medical record numbers, account service and social security numbers. Atrium Health also said that the information have been accessed, but never been downloaded.

"There is cyber forensic evidence that shows there were attempts by the invader to actually download the data and those attempts were unsuccessful. That's been proven by the forensic experts," said Perkins.

AccuDoc Solutions, the hacked company, said that the compromised databases do include personal information, but no financial information or medical records.

Atrium Health operates 44 hospitals across Georgia, North Carolina and South Carolina. This incident might have involved the personal information that was provided in relation to payment for the health services in Atrium Health location (formerly the Carolinas HealthCare System), as well as in locations that were managed by the Atrium Health, including Columbus Regional Health Network, Blue Ridge HealthCare System, NHRMC (New Hanover Regional Medical Center) Physician Group, and Scotland Physicians Network.

» SPAMfighter News - 12/6/2018