Atrium Health reports data breach after phishing attack

Atrium Health is reporting some of its patients and employees about a data breach resulting from a phishing attack on its email system.

Atrium Health is a nonprofit healthcare organization based in Charlotte, North Carolina. It operates over 1,400 care locations, including 40 hospitals across North Carolina, South Carolina, Georgia, and Alabama.

On April 29, Atrium Health discovered that an unauthorized third party had accessed a limited number of employee email accounts through a phishing email. The health system has taken steps to secure the affected accounts, engaged a third-party forensics firm to assist in the investigation, and notified law enforcement about the incident.

The investigation revealed that the unauthorized access occurred from April 29 to April 30. Although the unauthorized party gained access to some email accounts, Atrium Health stated that there is no evidence of misuse or viewing of patient or personal information, and their electronic medical records were unaffected as they are kept separate from the email system.

The number of affected individuals and the exposed data types are not disclosed.

Despite finding no evidence of data misuse, Atrium Health is notifying affected individuals and offering complimentary credit monitoring and identity protection services to those whose information could have been exposed.