The company that Atrium Health contracts with for billing services says it was hacked in late September. The company and the health system revealed Tuesday this could impact more than 2.65 million people all over the country.
Names, addresses, birth dates, insurance information and — in some cases — social security numbers may be at risk. The hacked company, AccuDoc Solutions, says the compromised databases included personal information, but not medical records or financial information.
Atrium Health, formerly Carolinas HealthCare System, keeps those records separately. Atrium contracts with AccuDoc, a healthcare technology company based in Morrisville, to bill patients at Atrium Health locations and at hospitals and health care facilities affiliated with Atrium Health. Those facilities include Blue Ridge HealthCare System, Columbus Regional Health Network, New Hanover Regional Medical Center Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.
AccuDoc General Counsel Ken Perkins explained that it all started when an Atrium patient reported having trouble paying a bill online. AccuDoc then realized the system had been breached and started investigating.
“There is cyber forensic evidence that shows there were attempts by the invader to actually download the data and those attempts were unsuccessful,” Perkins said. “That’s been proven by the forensic experts.”
Sometime between Sept. 22 and 29, hackers gained access to AccuDoc’s databases after hacking one of its vendors, ProWord — which AccuDoc has since fired. Perkins said this is the first cyberattack on the 13-year-old company. Both the FBI and a private forensic firm investigated, and Perkins said it doesn’t appear any information was stolen. But he said the company determined it was still important to notify patients.
“The fact that the system was entered we believe obligates us to go ahead and — out of an abundance of caution — notify any patient or guarantor who could have been in that database,” Perkins said.
Atrium Health says it waited to reveal the breach until law enforcement investigated and identified who was impacted. The company says those estimated 2.65 million people will get letters and those whose social security numbers were involved are being offered free credit monitoring and identity protection services. AccuDoc and Atrium have set up a call center to help those impacted.
People can reach the call center at 1-833-228-5726 or go to krollfraudsolutions.com/accudocincident for a list of frequently asked questions.