The apparent cause is the hacking suffered by a third party provider
Digital forensics specialists from the International Institute of Cyber Security have reported a new massive data breach incident. This time, the victim is Atrium Health, wellness and health program provider, formerly known as Carolinas HealthCare Systems.
After AccuDoc Solutions, one of its third party providers, was hacked, Atrium Health announced that about 2.65 million patient records might have been compromised. Information that may be exposed includes patients’ insurance policy data, medical file number, bills, address, dates of birth, and social security numbers.
“Third-party risk management is not a single security matter, this kind of incidents is important due to the increase in severity and frequency with which they are presented, affecting the growth of organizations that use this joint work model”, says George Wrenn, cybersecurity and digital forensics specialist.
“Each party involved must have the necessary information to take appropriate actions0. Organizations must have the best risk management methods involved in managing high volumes of data”, adds the expert.
According to the statement released by AccuDoc and Atrium Health, both organizations had relevant security measures. When AccuDoc discovered unauthorized access to their systems, the company’s executives ordered a digital forensics investigation to “ensure the protection of the compromised databases and improve the established security controls”. The company informed Atrium Health about the incident on October 1st.
The organization keeps monitoring its computer systems hoping to detect some indication of new anomalous activities. AccuDoc also mentions that, so far, they have no evidence to confirm that personal information has been extracted from their systems.
Atrium Health, on the other hand, has its own digital forensics research team, which is conducting a review of their systems independently of AccuDoc’s research; both organizations are in contact with the FBI for any new signs of malicious behavior in their systems.
“Just when we thought that the protection of personal data in the healthcare sector showed signs of improvement, data breach in Atrium Health arrived, thus 2018 have been consolidated as a year of records in terms of health cybersecurity incidents”, says Pravin Kothari, information security specialists.