Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Atrium Health Data Breach Impacts 585,000 People

Atrium Health has notified the HHS of a data breach impacting 585,000 individuals, and the incident may be related to online tracking.

Richmond University Medical ransomware data breach

Healthcare company Atrium Health has notified the US Department of Health and Human Services (HHS) that a recently discovered data breach impacts more than 585,000 individuals.

The HHS website does not provide any information regarding the incident, but the notification is likely related to an issue involving online tracking technologies that were present on an Atrium Health patient portal between 2015 and 2019. 

“These commonly used internet technologies were utilized to help operate certain features of our Patient Portal and enhance the online experience for users. We have learned that, during this time frame, these technologies may have transmitted certain personal information to third-party vendors, such as Google and Facebook (now Meta),” Atrium told impacted individuals recently.

The company said an initial review of the tracking technologies, conducted in 2022, did not uncover any issues, but a more recent analysis of online technologies on the patient portal did reveal the possible exposure of information.

Atrium said it’s difficult to precisely determine what data was transmitted to third-parties, but it’s assuming that all users of the MyAtriumHealth or MyCarolinas patient portal between January 2015 and July 2019 are affected. 

Depending on the user’s browser, configuration, and actions, information such as IPs, cookies, information on treatment or provider, names, email addresses, phone numbers, and physical addresses may have been exposed.

“Based on our review, no Social Security number, financial account, credit card or debit card information was involved,” Atrium pointed out, adding, “There is no evidence that any information that may have been shared with these third parties has been misused in any way. Moreover, the nature of the information that could have been collected would be very unlikely to result in identity theft or any financial harm.”

It’s worth noting that this is not the only cybersecurity incident disclosed by Atrium in recent months. In mid-September, the company notified a subset of patients and employees after discovering that over a period of two days in April someone had gained access to employee email accounts through phishing. 

Advertisement. Scroll to continue reading.

An investigation showed that the compromised email accounts stored information on some patients and employees, including a wide range of personal, financial and health information, such as Social Security numbers, bank account information, access credentials, and treatment/diagnosis details.

SecurityWeek has reached out to Atrium Health for clarifications regarding which of these incidents impacted 585,000 people, but the healthcare company has not responded.

Atrium Health provides healthcare services at more than 1,400 care locations and 40 hospitals across several states.

Back in 2018, Atrium Health experienced a data breach that impacted 2.6 million patients. 

Update 12.09.2024: Atrium Health has confirmed for SecurityWeek that the incident impacting 585,000 people is the one involving online tracking technologies.

Related: Other healthcare data breaches covered by SecurityWeek

Related: Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures

Related: Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.