Atrium Health, a major healthcare provider, has issued a public apology and notified patients about a significant data exposure incident affecting users of its MyAtriumHealth and MyCarolinas patient portals. The breach, which lasted from January 2015 to July 2019, occurred due to the use of internet tracking technologies that sent personal information to third-party vendors like Google and Facebook. Although Atrium Health emphasized that sensitive data such as Social Security numbers, financial details, and credit card information were not involved, it did confirm that other personal data, including names, contact information, and medical treatment details, may have been shared.
The exposure was uncovered during a recent review of Atrium’s online technologies. Initially, Atrium had believed it was not using the tracking tech that had raised concerns across healthcare websites in 2022. However, further investigation revealed that these technologies had been in use until they were disabled in 2019. As a result, Atrium Health has apologized for the incident and has stated that it is taking steps to improve its information security systems.
Although the company believes there is no evidence of identity theft or financial harm resulting from the breach, Atrium Health cautioned that patients may have been affected differently depending on factors such as web browser configurations, the use of cookies, and whether they had accounts with the affected third-party vendors. To reassure patients, Atrium emphasized that it is working to strengthen its cybersecurity measures and ensure that such an incident does not occur in the future.
This apology follows a separate incident in September 2024, where Atrium Health also publicly apologized for a phishing attack that exposed employees’ personal data, including Social Security numbers. The healthcare provider, part of Charlotte-based Advocate Health, serves millions of patients across the U.S. and employs over 155,000 people. Despite these setbacks, Atrium Health remains committed to safeguarding patient information and improving its online security protocols moving forward.
Reference:
