<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

News Coverage

Data Breach Hits 2.6 Million Atrium Health Patients

down-arrow

Hospital network Atrium Health informed patients on Tuesday that their personal information was compromised following a breach at technology solutions provider AccuDoc.

Atrium Health, formerly Carolinas HealthCare System, provides a wide range of healthcare and wellness programs in the Southeast of the United States through more than 40 hospitals and 900 care locations.

The organization learned on October 1 that AccuDoc, which provides billing and other tech services to the healthcare sector, had detected unauthorized access to its databases. These databases stored information related to payments made at several Atrium Health locations, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC Physician Group, Scotland Physicians Network, and St. Luke’s Physician Network.

Based on an investigation conducted by AccuDoc, the intruders had access to its systems for roughly one week between September 22 and September 29. The compromised databases stored personal information on patients and guarantors (i.e. the individual paying for a patient’s bill), including name, date of birth, address, insurance policy details, medical record number, invoice number, account balance, date of service and, in some cases, social security number.

The breached databases did not store medical or clinical records, bank account numbers, or payment card information, Atrium said. The company also claims there is no evidence that any data was actually stolen, or that any of the compromised information was misused.

It has been reported that the incident impacts roughly 2.65 million Atrium patients. Affected individuals are being notified by mail and have been advised to keep a close eye on their account statements and place a fraud alert on their credit file.

“Just when we thought things might be improving in healthcare data security, the Atrium Health Breach repositions 2018 as a record year for healthcare cyber attackers,” Pravin Kothari, CEO of CipherCloud, told SecurityWeek. “In the first half of 2017, approximately 1.6m+ healthcare records were reported as breached. In the second half of 2017 this number increased slightly to 1.7m+ healthcare records for a grand total in 2017 of about 3.4 million records. In the first half of 2018, we noted roughly 1.9+ million healthcare records breached.”

“Now, with the Atrium Health breach the ball for the 2nd half of 2018 threatens to set a new half record with over 2.65 million patient records in just one reported event. The moral of the story? Healthcare security, both on-premise and in the cloud, has not caught up with best practices and likely won’t do so anytime soon,” Kothari added.

George Wrenn, CEO and founder of CyberSaint Security, also provided some interesting statistics.

"Naturally, scaling a business includes partnerships. It's a matter of how to manage the risks that come with a rapidly growing vendor list. Seventy-five percent of mid-sized companies and enterprises expect their vendor list to grow by at least 20% this coming year and beyond. Third party risk management isn't just a security problem anymore- these issues are making their way up to the Board because higher levels of risk deter business success and growth,” Wrenn said.

“If nothing else, unknown risks within a supply chain can fuel fear around expansion. According to Gartner, 75% of the Fortune 500 will treat Vendor Risk Management as a board-level issue by 2020, driven by uncertainty and the pressing need to manage risk.

“Every stakeholder should have easily accessible visibility into where risks lie within any given vendor list, and should be able to have the insights from that information to take meaningful action. There needs to be a better way to manage the growing risk that comes with expanding businesses,” he explained.

Originally seen on securityweek.com

You may also like

CyberSaint and ACSC Research Sheds ...
on September 18, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, in collaboration with the Advanced Cyber Security Center (ACSC), has conducted a comprehensive focus ...

CyberSaint Debuts New Remediation ...
on September 6, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, is proud to announce the launch of the Remediation Suite within the CyberStrong platform. With the ...

STRONGER 2023 Conference ...
on July 19, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced that attendee registration is now open for its annual STRONGER conference, the ...

CyberSaint Security Recognized in ...
on June 7, 2023

BOSTON, MA – CyberSaint, the leader in cyber risk management, is pleased to announce its inclusion in the latest Gartner® report, "Innovation Insight: Cybersecurity Continuous ...

Groundbreaking Executive Dashboard ...
on February 13, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced the release of its Executive Dashboard. CyberSaint is first-to-market with this new ...

CyberSaint STRONGER 2023 ...
on February 2, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced that the company is seeking speaker submissions for its virtual STRONGER conference, set ...