The company, previously Carolinas HealthCare System, said that the data included addresses, dates of birth and social security numbers, according to Reuters. The breach occurred between September 22 and September 29. AccuDoc informed Atrium Health about the breach on October 1.
Personal clinical and medical records, as well as financial information, were not involved in the breach.
Just last year, Terence Rice, VP and chief information security officer at Merck & Co., told the Subcommittee on Oversight and Investigations of the House Committee on Energy and Commerce that healthcare cybersecurity still has a long way to go.
“Cybersecurity in the healthcare industry is far worse than what is reported,” Rice stated. In fact, despite the fact that the healthcare industry was named as the single most attacked industry by the 2016 IBM Cyber Security Intelligence Index, Rice said that the media continues to underreport the security risks facing healthcare.
Rice’s testimony in front of the House Committee laid out the following issues facing the healthcare industry when it comes to cybersecurity: concerns about reputational damage, the strained cybersecurity resources of smaller businesses, the security risk of increasingly portable healthcare information and more opportunities for attacks due to an increase in software usage across the healthcare space.
And earlier this month, the Centers for Medicare and Medicaid Services (CMS) confirmed on its website that it was the victim of a data breach in October when the Marketplace system used for agents and brokers was hacked. CMS said that some of the information that was accessible included name, date of birth, address, the last four digits of social security numbers, tax filing status and expected income, among a slew of other information.
In a statement on HealthCare.gov, the government agency said the breach allowed “inappropriate access to the personal information of approximately 75,000 people who are listed on Marketplace applications.”