CHARLOTTE, NC (WMBF) - More than 2 million could be at risk after a third-party vendor that provides billing and other services for healthcare providers in the Carolinas has fallen victim of a cyber incident.
AccuDoc Solutions, Inc. and Atrium Health announced Tuesday that AccuDoc has been the victim of a cyber incident and that certain databases containing billing information belonging to Atrium Health and its managed locations may have been involved.
According to Atrium Health, an unauthorized party gained access to AccuDoc Solutions, Inc. database between September 22 and September 29, 2018.
The databases accessed by the unauthorized third party contained information provided in connection with payment for healthcare services at an Atrium Health location, formerly Carolinas HealthCare System. The locations that may have been jeopardized are Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network, and St. Luke’s Physician Network.
This data breach puts 2.65 million people at risk of having their personal information made public. This information may have included first and last name, home address, date of birth, insurance policy information, medical record number, invoice number, account balance, dates of service and, in around 700,000 instances, Social Security numbers.
At least 500 individuals involved in the cyber incident are from South Carolina, the company says.
Medical records were not accessed, Atrium said, and neither were bank account or debit and credit card numbers.
Those with Social Security numbers involved in this incident are being offered free credit monitoring and identity protection services.
AccuDoc informed Atrium Health on October 1, 2018, that the breach had occurred. The forensic investigations indicate that the information was not removed from AccuDoc’s systems.
In addition, Atrium Health’s core systems and those of its managed locations are separate from AccuDoc’s systems and were not involved in this incident. Personal clinical and medical records were not involved, nor was financial account information, such as bank account numbers or credit card or debit card information.
In a press release, the company said that privacy and security are a top priority of AccuDoc and Atrium Health and both parties took immediate action to protect the confidentiality of patients’ information. As soon as the incident was discovered,
AccuDoc terminated the unauthorized access, retained a forensic firm and took steps to secure its affected databases and enhance its security controls. AccuDoc continues to monitor its systems for any additionally related activity.
Atrium Health also reviewed its security safeguards and system activity, as well as engaged its own nationally recognized forensic investigative firm to conduct a thorough independent review of the incident.
Both AccuDoc and Atrium Health have been in contact with the Federal Bureau of Investigation (FBI).
While we are not aware of any misuse, AccuDoc and Atrium Health are contacting patients and guarantors whose information was in the affected databases out of an abundance of caution.
AccuDoc and Atrium Health deeply regret any inconvenience and concern this incident regarding AccuDoc’s databases may cause.
For questions or additional information, individuals should call toll-free 1-833-228-5726, Monday through Friday from 9 a.m. to 6 p.m. Eastern Time.
They can also visit www.krollfraudsolutions.com/accudocincident for a list of frequently asked questions.
Individuals should monitor any unauthorized activity regarding their accounts, bills, notices, and insurance transactions.
For information on various steps individuals can take to protect their identity and information, please visit Tips & Advice for Consumers at the Federal Trade Commission’s website at www.ftc.gov.