Unauthorized Access to Databases at Vendor May Have Involved Personal Information

11.27.2018 Atrium Health News | Atrium Health Alert

Patients being notified following an extensive internal investigation

CHARLOTTE, N.C., November 27, 2018 – AccuDoc Solutions, Inc., and Atrium Health announced today that AccuDoc has been the victim of a cyber incident and that certain databases containing billing information belonging to Atrium Health and its managed locations may have been involved. AccuDoc is a third-party vendor that provides billing and other services for healthcare providers, including Atrium Health.

Following an extensive review of AccuDoc’s systems by multiple forensic experts, it appears that an unauthorized third party gained access to AccuDoc’s databases between September 22 and September 29, 2018. AccuDoc informed Atrium Health on October 1, 2018. The forensic investigations indicate that the information was not removed from AccuDoc’s systems. In addition, Atrium Health’s core systems and those of its managed locations are separate from AccuDoc’s systems and were not involved in this incident. Personal clinical and medical records were not involved, nor was financial account information, such as bank account numbers or credit card or debit card information.

The databases accessed by the unauthorized third party contained information provided in connection with payment for healthcare services at an Atrium Health location, formerly Carolinas HealthCare System, and at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network and St. Luke’s Physician Network. Information that may have been accessed includes certain personal information about patients and guarantors (a person who is responsible for paying a patient’s bill). This information may have included first and last name, home address, date of birth, insurance policy information, medical record number, invoice number, account balance, dates of service and, in some instances, Social Security numbers.

Privacy and security are a top priority of AccuDoc and Atrium Health and both parties took immediate action to protect the confidentiality of patients’ information. As soon as the incident was discovered, AccuDoc terminated the unauthorized access, retained a forensic firm and took steps to secure its affected databases and enhance its security controls. AccuDoc continues to monitor its systems for any additional related activity. Atrium Health also reviewed its security safeguards and system activity, as well as engaged its own nationally recognized forensic investigative firm to conduct a thorough independent review of the incident. Both AccuDoc and Atrium Health have been in contact with the Federal Bureau of Investigation (FBI).

While we are not aware of any misuse, AccuDoc and Atrium Health are contacting patients and guarantors whose information was in the affected databases out of an abundance of caution. Those with Social Security numbers involved in this incident are being offered free credit monitoring and identity protection services.

AccuDoc and Atrium Health deeply regret any inconvenience and concern this incident regarding AccuDoc’s databases may cause. For questions or additional information, individuals should call toll-free 1-833-228-5726, Monday through Friday from 9 a.m. to 6 p.m. Eastern Time. They can also visit www.krollfraudsolutions.com/accudocincident for a list of frequently asked questions. Individuals should monitor any unauthorized activity regarding their accounts, bills, notices and insurance transactions. For information on various steps individuals can take to protect their identity and information, please visit Tips & Advice for Consumers at the Federal Trade Commission’s website at www.ftc.gov.

About AccuDoc Solutions
AccuDoc Solutions, Inc., provides technology services to more than 50 hospitals and healthcare systems, principally in the Eastern United States. AccuDoc’s services include patient billing and communication, custom programming, data warehousing, system integration, and payment solutions. AccuDoc is committed to delivering the highest quality services to its clients and their patients at a reasonable cost, thereby promoting the advancement of efficiencies in the healthcare system.

About Atrium Health

Atrium Health, previously Carolinas HealthCare System, one of the nation's leading and most innovative healthcare organizations, provides a full spectrum of healthcare and wellness programs throughout the Southeast region. Its diverse network of care locations includes academic medical centers, hospitals, freestanding emergency departments, physician practices, surgical and rehabilitation centers, home health agencies, nursing homes and behavioral health centers, as well as hospice and palliative care services. Atrium Health works to enhance the overall health and well-being of its communities through high-quality patient care, education and research programs, and numerous collaborative partnerships and initiatives.

Kenneth D. Perkins
General Counsel
kperkins@perkinsLLC.com
412-480-7266

Atrium Health Contact
Chris Berger
AVP, Corporate Communications
Chris.Berger@AtriumHealth.org
704-631-0951