Millions of Atrium Health patient records breached by hackers

Atrium Health
A hack occurred on a database managed by third-party vendor AccuDoc Solutions in September that included more than 2.6 million patient billing records at Atrium. (Atrium Health)

A database of more than 2.6 million billing records of patients at Atrium Health—formerly Carolinas HealthCare System—is believed to have been compromised by hackers. 

The breach hit one of the health system's third-party vendors, AccuDoc Solutions, in September, the company and the health system said in a joint announcement on Tuesday. That database included names, addresses, dates of birth, insurance policy information, medical record numbers, invoice numbers, account balances, dates of service and, in some instances, Social Security numbers.

Specifically, the database accessed involved data in connection with payment for healthcare services at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.


13th Partnering with ACOS & IDNS Summit

This two-day summit taking place on June 10–11, 2019, offers a unique opportunity to have invaluable face-to-face time with key executives from various ACOs and IDNs from the entire nation – totaling over 3.5 million patients served in 2018. Exclusively at this summit, attendees are provided with inside information and data from case studies on how to structure an ACO/IDN pitch, allowing them to gain the tools to position their organization as a “strategic partner” to ACOs and IDNs, rather than a merely a “vendor.”

However, the firm emphasized the breach did not hit Atrium Health's core systems, nor did it involve clinical information or financial information such as bank account or credit card numbers. Forensics reports show hackers were not able to actually download or remove the files, they said in a statement.

RELATED: hit with data breach impacting 75,000 people

"But the fact that even one record was accessed is one too many. Our patients expect us to keep all of their information private, which is why we took action so quickly," said Chris Berger, a health system spokesman in an emailed statement. "We take cybersecurity very seriously, and you can be sure we’ve worked very hard to determine exactly what happened, and how to prevent it from happening again."

Atrium said it is monitoring the situation, while AccuDoc enhanced security and closed off the compromised path. The health system also notified patients and guarantors who might have been impacted by the incident. They began notifying patients on Tuesday.

"While we are not aware of any misuse, AccuDoc and Atrium Health are contacting patients and guarantors whose information was in the affected databases out of an abundance of caution. Those with Social Security numbers involved in this incident are being offered free credit monitoring and identity protection services," officials from the health system and the company said in a joint statement.

Suggested Articles

The Trump administration has released its annual rule governing payments to inpatient providers.

Pharmacy retail giant Walgreens plans to implement a new minimum age requirement of 21 for its customers seeking to purchase tobacco products in its stores.

An artificial intelligence tool can help diagnose post-traumatic stress disorder in veterans by analyzing their voices, a new study found.