Atrium Health was hit with a data breach that affected 2.65 million people, where hackers possibly gained access to their non-medical data—including addresses, dates of birth, and social security numbers.
Atrium Health is a non-profit healthcare and wellness program provider based in Charlotte, North Carolina, that operates 44 hospitals across North Carolina, South Carolina, and Georgia. It was previously called Carolinas HealthCare System.
AccuDoc, based in Morrisville, North Carolina, provides billing and related services to healthcare providers, like enabling patients to make payments online. The company serves Atrium as well as about 50 other hospitals and healthcare providers.
The compromised information includes names, addresses, dates of birth, social security numbers, insurance policy information, account balances, and dates of service.
Atrium said that its own system, which stores bank account details, debit and credit card numbers, and medical records, is separate from the AccuDoc database and therefore were not affected by the breach.
AccuDoc immediately informed Atrium Health and stopped the unauthorized access when it discovered the breach on Oct. 1. They have since secured the affected databases and enhanced security measures.
Both AccuDoc and Atrium Health hired forensic investigators to independently review the breach and have also consulted the Federal Bureau of Investigation.
Investigations show that the information was accessed and viewed but there was no evidence that the information was downloaded or distributed to other channels.
“We are notifying the patients and guarantors who may have been impacted by this incident. We take cybersecurity very seriously, and we’ve worked very hard to determine exactly what happened, and how to prevent it from happening again,” Chris Berger, AVP of Corporate Communications for Atrium said in a statement.
What Patients Should Do
“Individuals should monitor their account statements, bills, notices, and insurance transactions for incidents of unauthorized activity, and contact Atrium Health with any questions or concerns,” the joint statement said. “Atrium Health is offering credit monitoring to those whose Social Security numbers were potentially accessed.”Patients should report any questionable charges to the provider’s billing office or insurance company.
Thereafter, patients are encouraged to review their credit report carefully.
“Upon receiving your credit report, review it carefully. Errors may be a warning sign of possible identity theft. If you see anything you do not understand, call the credit bureau at the telephone number on the report,” the joint statement said.
“If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Information that cannot be explained should also be reported to your local police or sheriff’s office because it may signal criminal activity.”