CHARLOTTE, NC (Cassie Cope and Deon Roberts/Charlotte Observer) - Personal information for more than 2 million Atrium Health patients may have been compromised in a data breach of billing information, including addresses, dates of birth and Social Security numbers, the Charlotte heath care giant said Tuesday.
A hacking of Atrium billing vendor AccuDoc may have affected as many as 2.65 million people, Charlotte-based Atrium said. Of those, about 700,000 patients may have had Social Security numbers compromised, according to Atrium.
Atrium Health, formerly Carolinas HealthCare System, operates 44 hospitals across North Carolina, South Carolina and Georgia. Atrium is the largest health care provider and employer in Charlotte.
Compromised patient information also includes insurance policy information, medical record numbers, invoice numbers, account balances and dates of service, according to a joint press release from Atrium and AccuDoc. Atrium emphasized that the information was accessed but was not downloaded.
Medical records were not accessed, Atrium said, and neither were bank account or debit and credit card numbers.
AccuDoc, a Raleigh-area company that prepares bills and operates the website where patients can make payments online, became aware that a cyber incident took place on Oct. 1, according to the release. An “unauthorized third party” accessed the patient information between Sept. 22 and 29, the release said.
Atrium Health and AccuDoc said they began notifying patients of the hacking on Tuesday, nearly two months after they became aware of the incident.
“These are complicated investigations,” Atrium spokesman Chris Berger said Tuesday. “We’ve been working around the clock with AccuDoc, outside forensic investigators and the FBI to get to the bottom of this incident.”
Since the hacking, AccuDoc strengthened its security controls and Atrium has reviewed its systems, Berger said.
AccuDoc and Atrium hired forensic experts and those “investigations indicate that the information was not removed from AccuDoc’s systems,” the joint press release said.
How to get help
Patients whose Social Security numbers were affected can get free credit monitoring and identity protection, offered through the companies, the press release said.
Patients who think they may be affected can visit https://www.krollfraudsolutions.com/accudocincident/. Individuals who may be affected can also call 833-228-5726 for more information.
Locations that Atrium manages also were impacted by the breach, including Blue Ridge HealthCare System, Columbus Regional Health Network, New Hanover Regional Medical Center Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.
The hack is the latest problem confronting Atrium this year.
In April, a group of about 90 doctors announced they wanted to leave the hospital system, accusing it of monopolistic and anti-competitive behavior.
Around the same time, Atrium faced a nasty public battle with an anesthesiology provider it had decided to severe ties with.