Atrium Health’s Billing Vendor Hacked, 2.65M Patients Affected

Nov. 28, 2018
The personal health data of more than 2 million Atrium Health patients has been compromised following a hack on the organization’s third-party billing vendor, AccuDoc.

The personal health data of more than 2 million Atrium Health patients has been compromised following a hack on the organization’s third-party billing vendor, AccuDoc.

According to a joint news release from Atrium Health, formerly Carolinas HealthCare System headquartered in Charlotte, and the billing vendor AccuDoc, an unauthorized third party gained access to AccuDoc’s databases sometime between September 22 and September 29. Importantly, noted officials, forensic investigations indicated that the information was not removed from AccuDoc’s systems.

According to officials, the databases accessed by the unauthorized third party contained information provided in connection with payment for healthcare services at an Atrium Health location, and at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.

Information that may have been accessed includes certain personal information about patients and guarantors, such as first and last name, home address, date of birth, insurance policy information, medical record number, invoice number, account balance, dates of service and, in some instances, Social Security numbers.

Officials did note that since Atrium Health’s core systems and those of its managed locations are separate from AccuDoc’s systems and were not involved in this incident, personal clinical and medical records were not involved, nor was financial account information, such as bank account numbers or credit card or debit card information.

According to an Atrium Health spokesperson, “The exact number [of affected records] is hard to pinpoint, but based on our investigation it looks like the unauthorized user gained access to databases that had about 2.65 million records. Of the 2.65 million, it appears around 700,000 included Social Security numbers. It is very important to understand that the data was accessed but not downloaded in this incident. Our forensics reports indicate they were not able to actually download or remove the files.”

However, according to a report in the Charlotte Observer, AccuDoc general counsel Kenneth Perkins did not rule out that more patients might be affected than the number disclosed, adding that “it’s highly unlikely the number will grow. That’s because the current figures are based on entire databases of patients out of an abundance of caution,” he said, according to that report. The story also noted that one other AccuDoc client, Baylor Medical Center at Frisco in Texas, was affected by the hack. Data for about 40,000 people were impacted at that hospital.

Atrium Health operates 44 hospitals across North Carolina, South Carolina and Georgia, and is the largest healthcare provider and employer in Charlotte. AccuDoc is a Morrisville, N.C.-based company that provides billing and other services for healthcare providers.

Currently, AccuDoc and Atrium Health are contacting patients and guarantors whose information was in the affected databases “out of an abundance of caution,” officials said.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?