A recent cyber incident involving a large healthcare billing vendor illustrates the importance of cybersecurity in the healthcare realm and highlights a major risk for healthcare providers when contracting vendors to handle, store or distribute sensitive information. AccuDoc Solutions, Inc., which provides billing and other services for healthcare providers in the Carolinas, recently announced that certain databases containing information belonging to Atrium Health may have been involved in a cyber breach incident.
According to Atrium Health, an unauthorized party gained access to their billing databases housed in AccuDoc’s systems between September 22 and September 29, 2018, and AccuDoc quickly informed them that the breach had occurred. The databases that were accessed by the unauthorized party contained information provided in connection with payments for healthcare services at a handful of Atrium Health locations. The breach affects approximately 2.65 million patients, and the compromised information may include first and last names, home addresses, dates of birth, insurance policy information, medical record numbers, invoice numbers, account balances and dates of service. Additionally, for about 700,000 patients, Social Security numbers may have been compromised as well.
Healthcare Data Breach Aftermath
Both AccuDoc and Atrium Health took immediate action to reduce the impact of the breach as much as possible. Forensic investigations indicate that information was not removed from AccuDoc’s systems and Atrium Health insists that patients’ actual medical records, bank account numbers and debit or credit card numbers were not accessed. As soon as the incident was discovered, the unauthorized access was terminated and steps were taken to secure affected databases and enhance security controls. Both AccuDoc and Atrium Health retained their own forensic investigative firms to review the incident, and contacted the Federal Bureau of Investigation (FBI) as well. For the approximately 700,000 patients whose Social Security numbers may have been involved in the incident, free credit monitoring and identity protection services has been offered.
Healthcare Cybersecurity Efforts: More Important Than Ever
The AccuDoc data breach further emphasizes what we’ve seen over and over again in the healthcare industry: when vendors are brought into the equation, the risks increase. Cyber coverage alone is not always enough protection for the rising cost of a data breach. Industry-specific coverage options such as complete cyber risk services for healthcare providers can help address the unique exposures that today’s providers face. Agents that are knowledgeable about the cyber liability needs of healthcare providers can help to market, structure and negotiate insurance that provides comprehensive cyber risk mitigation for both policyholders and their vendors.
About Highland Risk Services
At Highland Risk, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. With offices to serve you in Chicago, Illinois and Phoenix, Arizona, we do everything we can to make your experience with us as professional and transparent as possible. To learn more, contact us at (877) 890-9301.