Atrium Health, based in Charlotte, North Carolina, was the target of a phishing attack that compromised several employee email accounts. The attack began on April 29, 2024, and unauthorized access to employee accounts continued until April 30. The breach was discovered shortly after it began, prompting the health system to launch an investigation into the extent of the attack and the type of data that might have been exposed.
The investigation revealed that sensitive patient data, such as names, contact information, Social Security numbers, medical record numbers, treatment information, and financial details, were potentially compromised. However, Atrium Health clarified that the breach did not involve unauthorized access to its Electronic Health Records (EHR) system, and no direct targeting of medical or health information was confirmed. Despite this, Atrium took the precautionary measure of notifying affected patients.
While Atrium Health stated that there is no evidence that the information accessed has been viewed or misused by the attackers, the organization decided to send notification letters to those whose information was involved, where sufficient contact information was available. This move was made to alert individuals to the potential risk and provide information on how to protect themselves from identity theft or other possible misuse of their personal data.
In response to the breach, Atrium Health has committed to enhancing its security measures to prevent similar incidents in the future. The health system is focused on strengthening its defenses to safeguard sensitive patient and employee information and reduce the likelihood of future cyberattacks targeting its network.
Reference:
