Security Breaches at Atrium Health and Heartland Healthcare Services Reported

Patient Data Likely Exposed in Atrium Health Phishing Attack

Atrium Health based in Charlotte, NC reported a phishing incident that compromised the protected health information (PHI) of 6,695 individuals who received services from Atrium Health at Home. A staff member clicked a link in a phishing email on April 7, 2022 and exposed the credentials for an email account. Atrium Health detected the breach on April 8 and blocked the unauthorized access right away.

From April 7 to April 8, the unauthorized third party utilized the account for sending other phishing emails, which indicates that acquiring patient data saved in the account wasn’t the purpose of the phishing attack, though it cannot be determined whether any patient data was seen or acquired.

An analysis of the email messages and file attachments within the account showed they included patients’ complete names, residential addresses, dates of birth, medical insurance data, and medical data (including medical record number, service dates, facility and provider and/or diagnosis and treatment details). The financial account data, Social Security numbers, and/or driver’s license/state ID numbers of some persons were also exposed. Atrium Health stated there were no reported instances of patient data misuse.

Affected persons received breach notification letters. Those who had either their Social Security number, driver’s license number, or financial account information exposed received free credit monitoring and identity theft protection services. Security measures have been improved and Atrium Health stated it will still give its employees regular phishing training.

Patient Data Theft Due to Heartland Healthcare Services Ransomware Attack

Heartland Healthcare Services based in Toledo, OH, has reported the exfiltration of files that contain patient information from its system during a ransomware attack in April 2022. The attack was discovered on April 11 when the employees could not access files on its system.

Heartland Healthcare Services mentioned that the attacker issued a ransom demand, however, after contacting the Federal Bureau of Investigation, it made the decision not to give the ransom payment. Part of the stolen data was uploaded to the dark web data leak website of the ransomware group.

A review of the impacted files showed they included the PHI of 2,763 individuals who got medicines via Heartland Healthcare Services, which include Heartland Pharmacy of Pennsylvania, Heartland Pharmacy of Illinois, or Heartland Pharmacy of Maryland. The stolen information contained names, phone numbers, addresses, medicine names, and other medication-associated data.

Heartland Healthcare Services claimed it has toughened its security procedures to stop the same attacks later on.