Atrium Health has announced that a cyber incident at AccuDoc Solutions, its billing vendor, impacted approximately 2.65 million patient records, according to an email sent by an Atrium spokesman.
Formerly known as Carolinas HealthCare System, Atrium is based in Charlotte, North Carolina. Morrisville, North Carolina-based AccuDoc provides IT services, payment services and more to over 50 hospitals and healthcare systems.
When Investment Rhymes with Canada
Canada has a proud history of achievement in the areas of science and technology, and the field of biomanufacturing and life sciences is no exception.
On October 1, 2018, AccuDoc informed Atrium that an unauthorized third party gained access to AccuDoc’s databases between September 22 and September 29, 2018.
According to forensic investigations, the information wasn’t removed or downloaded from AccuDoc’s systems.
The impacted information included names, addresses, dates of birth, insurance policy information, medical record numbers, account balances, invoice numbers, dates of service and some Social Security numbers. An Atrium spokesman said it appears that approximately 700,000 of the records included Social Security numbers.
AccuDoc and Atrium said patients’ personal clinical and medical records and financial information were not involved.
The accessed databases contained information provided to pay for services at Atrium Health, as well as locations it manages. These include Blue Ridge HealthCare System, Columbus Regional Health Network, New Hanover Regional Medical Center Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.
After the incident was discovered, AccuDoc terminated the unauthorized access, brought on a forensic firm and has worked to ensure its databased are secure. Additionally, Atrium has reviewed its security safeguards and worked with a forensive investigative firm to conduct an independent review of the incident. Both entities have been in contact with the FBI.
The organizations are contacting individuals whose information was in the databases. Those whose Social Security numbers were involved are offered free credit monitoring and identity protection services.
Despite increasing security awareness, cyber incidents like this one continue to plague the healthcare industry. The latest Breach Barometer, a report from Protenus and DataBreaches.net, found that 4.4 million patient records were breached between July and September 2018.
Photo: Rawpixel Ltd, Getty Images
