A data breach of hospital network Atrium Health has exposed personal information of more than 2.65 million patients, according to the Charlotte Observer.
On November 27, the Charlotte, NC-based healthcare organization revealed patient information, such as addresses, dates of birth, and Social Security numbers, were compromised. Roughly 700,000 Social Security numbers were exposed, but financial information such as credit card numbers are not thought to be a risk.
Between September 22 and 29, an unauthorized party gained access to databases via Atrium Health's third-party billing vendor, AccuDoc Solutions.
While the records were accessed without permission, forensics reports indicate the hacker was not able to actually download or remove the files, Atrium Health said.
AccuDoc informed Atrium Health of the breach on October 1, and immediately after discovery, the billing vendor cut off the unauthorized access point, hired a cyberforensics firm, and began shoring up database security, according to the news report.
Both firms continue to monitor their systems for any additional related activity. AccuDocs and Atrium Health notified the FBI, saying no evidence exists of data misuse, but they are still contacting all patients and guarantors involved in the breach out of caution.
