Skip to main content

Analysis

Atrium Health Vendor Hacked, 2.65M Records Exposed

By John Commins  
   November 27, 2018

AccuDoc Solutions was 'the victim of a cyber incident' this fall involving Atrium patient billing information. The data was accessed by unauthorized users but not downloaded.

A third-party vendor providing billing services for Atrium Health was hacked and gave unauthorized users access to about 2.65 million records, Atrium Health announced Tuesday.

Atrium said the hackers broke into to the databases of billing services contractor AccuDoc Solutions in late September. AccuDoc told Atrium on Oct. 1. A subsequent investigation determined that the information was not removed from AccuDoc's systems.

"The exact number is hard to pinpoint, but based on our investigation it looks like the unauthorized user gained access to databases that had about 2.65 million records. Of the 2.65 million, it appears around 700,000 included Social Security numbers," Atrium spokesman Chris Berger said.

"It is very important to understand that the data was accessed but not downloaded in this incident," Berger said.

Atrium said patients whose Social Security numbers may have been exposed are being offered free credit monitoring and identity protection services.

In addition, Berger said Atrium Health's core systems and those of its managed locations are separate from AccuDoc's and were not involved in the hack.

Personal clinical and medical records were not involved, nor was financial account information, such as bank account numbers or credit card or debit card information.

Information that may have been accessed includes personal information about patients' first and last name, home address, date of birth, insurance policy information, medical record number, invoice number, account balance, dates of service and Social Security numbers.

The databases accessed by the unauthorized third party contained information provided in connection with payment for healthcare services at an Atrium Health location, and at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, New Hanover Regional Medical Center Physician Group, Scotland Physicians Network and St. Luke's Physician Network.

“The exact number is hard to pinpoint, but based on our investigation it looks like the unauthorized user gained access to databases that had about 2.65 million records.”

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.


KEY TAKEAWAYS

2.65 million billing records were exposed, including 700,000 Social Security numbers.

The hackers did not access medical records or financial account information.

The hack took place in late September, and Atrium was notified Oct. 1.


Get the latest on healthcare leadership in your inbox.