Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
November 28, 2018 12:00 AM

2.65 million Atrium Health patients' data potentially exposed

Rachel Z. Arndt
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    An unauthorized user accessed the personal information of as many as 2.65 million Atrium Health patients in September after getting into the systems of one of Atrium's third-party vendors.

    While the user accessed Atrium Health information in databases of the vendor, AccuDoc Solutions, they did not download or remove the information, which included addresses, dates of birth, and Social Security numbers but not medical records or financial data.

    "The fact that even one record was accessed is one too many," said Chris Berger, assistant vice president of corporate communications for Atrium Health, in a statement. "Our patients expect us to keep all of their information private, which is why we took action so quickly."

    After AccuDoc, a billing vendor, told Atrium about the incident on Oct. 1, both organizations looked over their system activity to make sure data were secured. Atrium and AccuDoc each are reviewing the incident, which occurred between Sept. 22 and Sept. 29.

    Breaches like this one, in which a hacker gains access to a large organization through one if its third-party vendors, are becoming more common, according to Bob Anderson, principal in the Chertoff Group's strategic advisory services practice. "The adversaries have figured out that it's much easier to just get the information they're looking for from a third party," Anderson said. Healthcare organizations therefore should vet not only their own but also their vendors' breach-response strategies.

    Atrium Health may end up being only the first of several health systems affected by the breach to come forward.

    "This could just be the tip of the iceberg," said Mac McMillan, co-founder and CEO of information security consulting firm CynergisTek. "When you have a third party that's essentially an aggregator of large amounts of patient information because they're holding and processing large amounts of patient information for multiple health systems, you could have a much bigger breach than you would of a single entity."

    While the number of data breaches of healthcare provider organizations has actually gone down in 2018 compared with 2017, the number of breaches of business associates—that is, third parties—has risen 83%, according to HHS' Office for Civil Rights, which maintains the government's Breach Portal for healthcare data breaches.

    Overall, data breaches classified as "unauthorized access/disclosure" by the OCR have been the most common in 2018, followed closely by breaches classified as "hacking/IT incident." Between the start of 2018 and the end of October, there were 306 breaches, compared to 298 in the same period of 2017.

    The OCR does not take data breaches lightly. In October 2018, the office fined Anthem $16 million for a 2015 data breach that affected nearly 79 million people.

    But that paled in comparison to the class-action lawsuit settlement Anthem reached Tuesday, after agreeing in 2017 to pay out $115 million to those whose data were breached in 2015.

    As in that case, the fallout from the AccuDoc breach could be a class-action lawsuit, Anderson said. "These types of lawsuits are very much in vogue these days," he said.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Chat-GPT-healthcare-2.png
    Why Boston Children's wants to hire a ChatGPT expert
    Screen Shot 2018-12-19 at 1.36.49 PM.png
    GE HealthCare stock drops despite revenue growth
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing