2.65 Million Patients Affected by the Latest Healthcare Data Breach

Atrium Health Data Breach

It's easy to forget how many parties are handling your data in this day and age. And we're not just talking about things you do online. Even something as simple as going to the doctor's office often requires giving away personal, and in some cases, extremely sensitive information to a number of organizations. When one of these organizations fails to protect it, it could very well be game over. Sadly, a little over 2.6 million people who recently went to the doctor's know this all too well.

Patients lose their data again

This is certainly not the first data breach at a healthcare organization, and it probably won't be the last. It's a pretty good example of the data handling mechanisms we talked about in the first paragraph, though. Here's what happened exactly.

Each and every one of the affected individuals visited one of the 44 hospitals run by Atrium Health (formerly known as Carolinas HealthCare System), a hospital network headquartered in Charlotte, North Carolina. When they received medical attention, they obviously had to give their personal information to the physician taking care of them. The doctors didn't keep it for themselves, though. The hospital also got it and stored it in Atrium's systems. As you can see, we already have three different parties handling a single patient's personal details. In the case of the Atrium Health breach, however, neither of them got attacked. The data was stolen from yet another organization in charge of storing it.

Atrium Health's partner exposed the patients' data

AccuDoc is Atrium Health's billing partner. On September 22, hackers managed to infiltrate AccuDoc's systems and stayed there for a week until the payment processor noticed the breach and booted them out of the compromised network. While they were inside, the crooks had access to names, home addresses, dates of birth, dates of service, account balances, and other information belonging to approximately 2.65 million patients.

Atrium points out that no medical or financial data has been exposed, which is definitely good news. A spokesperson for the hospital network did tell MedCytyNews.com, however, that around 700 thousand of the leaked records contained a Social Security Number.

AccuDoc failed to say how the hackers got in, though it did mention that the database was accessed through "a website for an unrelated client". The FBI is helping with the investigation which will hopefully reveal all the details.

In the meantime, patients that had their Social Security Numbers exposed can take advantage of AccuDoc's offer for a year's worth of free identity theft protection service. As for the rest of the victims, they can do little more than accept the fact that many different organizations are tasked with securely storing and processing our information, and that often, they fail to do it correctly.

November 30, 2018