Millions of Atrium Health patient records breached by hackers

Atrium Health
A hack occurred on a database managed by third-party vendor AccuDoc Solutions in September that included more than 2.6 million patient billing records at Atrium. (Atrium Health)

A database of more than 2.6 million billing records of patients at Atrium Health—formerly Carolinas HealthCare System—is believed to have been compromised by hackers. 

The breach hit one of the health system's third-party vendors, AccuDoc Solutions, in September, the company and the health system said in a joint announcement on Tuesday. That database included names, addresses, dates of birth, insurance policy information, medical record numbers, invoice numbers, account balances, dates of service and, in some instances, Social Security numbers.

Specifically, the database accessed involved data in connection with payment for healthcare services at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.

Featured Webinar

Patient experience and the bottom-line impact on a practice

Practices that deliver exceptional experience often demonstrate strong financial performance and efficient operations. Join us to learn how to identify the most impactful connections between patient experience and financial performance, how to measure, track and improve patient experience as it relates to the bottom line, and identify patient experience measures that affect financial performance.

However, the firm emphasized the breach did not hit Atrium Health's core systems, nor did it involve clinical information or financial information such as bank account or credit card numbers. Forensics reports show hackers were not able to actually download or remove the files, they said in a statement.

RELATED: hit with data breach impacting 75,000 people

"But the fact that even one record was accessed is one too many. Our patients expect us to keep all of their information private, which is why we took action so quickly," said Chris Berger, a health system spokesman in an emailed statement. "We take cybersecurity very seriously, and you can be sure we’ve worked very hard to determine exactly what happened, and how to prevent it from happening again."

Atrium said it is monitoring the situation, while AccuDoc enhanced security and closed off the compromised path. The health system also notified patients and guarantors who might have been impacted by the incident. They began notifying patients on Tuesday.

"While we are not aware of any misuse, AccuDoc and Atrium Health are contacting patients and guarantors whose information was in the affected databases out of an abundance of caution. Those with Social Security numbers involved in this incident are being offered free credit monitoring and identity protection services," officials from the health system and the company said in a joint statement.

Suggested Articles

Several experts say most insurers aren't factoring COVID-19 into their 2021 premiums for the ACA exchanges due to massive uncertainty.

With large numbers of Americans skeptical of a COVID-19 vaccine, CVS views its pharmacists as playing a key role in assuaging fears, said its CEO.

The COVID-19 pandemic is driving enormous demand for virtual mental health care services. Here is how much utilization has increased during COVID-19.