Atrium Health has reported a massive data breach exposing the PII of more than 2.6 million clients after someone gained access to a database belonging to a third-party vendor.
The North Carolina-based healthcare provider stated that AccuDoc Solutions, a vendor providing billing and other services, had informed Atrium on 1 October that an unauthorised person had gained access to its database between 22-29 September, 2018. The information exposed came from patients and payment guarantors and included first and last name, home address, date of birth, insurance policy information, medical record number, invoice number, account balance, and dates of service and for some people Social Security numbers.
About 700,000 of the 2.65 million records exposed contained Social Security numbers, Atrium told The Charlotte Observer.
Atrium does not believe any of the information was removed from the database, but the company is recommending those affected, who are being notified by mail, should monitor their accounts and bills for malicious activity.
Exactly how access was gained was not released, but the database has since been locked down.
The Charlotte Observer cited an Accudoc general counsel Kenneth Perkins saying the number of affected people could rise, but since the entire database was impacted by this breach he did not believe any increase would be significant.
The records involved were associated with patients who used Atrium Health location (formerly Carolinas HealthCare System) and at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network, and St. Luke’s Physician Network, the company said.
This article was originally published on SC Media US