Charlotte, N.C.-based Atrium Health recently fell victim to an email phishing campaign that compromised employee email accounts.
The attack, which began on April 29, allowed an unauthorized third party to access several employee accounts between April 29 and April 30. Upon discovering the breach, Atrium launched an investigation and found that sensitive patient data could have been potentially exposed.
This information includes names, contact details, Social Security numbers, medical record numbers, treatment details, financial information and more, according to a breach notification posted on Atrium's website. The authorized party did not access the health system's EHR system.
While Atrium stated that the attackers did not appear to target medical or health information, it is notifying patients as a precautionary measure. The health system has not disclosed how many individuals were affected by the breach.
"We have no indication that anyone's information was actually viewed by the unauthorized third party or that it has been misused. However, as a precaution, we are mailing notification letters to people whose information was identified through our review and for whom we have sufficient contact information," the breach notification reads.
Atrium stated that it is strengthening its security measures to reduce the likelihood of similar incidents occurring in the future.