Near Miss: Collaboration, Diligence Contain Data Breach at Healthcare Provider

12/5/2018

Medical Cybersecurity Data BreachLast month, Atrium Health, a regional healthcare group operating in the Carolinas, reported that a data breach exposed information belonging to roughly 2.65 million patients during the last week of September 2018. Per an article on ZDNet, an “unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances.

Although investigators believe financial information – e.g., credit card numbers -- was not at risk during the breach, about 700,000 Social Security numbers were exposed.

Despite this massive exposure, Atrium officials emphasized in their announcement that, while the records were accessed without permission, "our forensics reports indicate the [user] was not able to actually download or remove the files." Plus, forensic investigators have found no evidence of data misuse to date but Atrium is conducting a thorough notification campaign alerting “all patients and guarantors” involved in the breach.

Here’s our review of this near-miss breach:

•    What happened to Atrium?
An “unauthorized third party” breached one of the pressure points in today’s cybersecurity infrastructure: Cloud Services. Per a report in HealthData Management, the third party gained access to databases hosted by AccuDoc, a healthcare technology provider “offering custom programming, data warehousing, billing and system integration services. Atrium Health’s own information systems and those of its managed locations were not affected by the cyber attack.”

•    How did Atrium avoid a cybersecurity disaster?
First, Atrium’s vendor, AccuDoc, responded quickly by sounding alarms on October 1, shortly after the breach. And then, both organizations notified the FBI and launched forensic investigations. And now, in addition to notifying individuals at risk, Atrium is offering free credit card monitoring services in cases where Social Security numbers were exposed.

•    How is Atrium recovering from the breach?
As quoted by ZDNet, the two organizations are looking backward and forward together: “AccuDoc continues to monitor its systems for any additionally related activity… Atrium Health also reviewed its security safeguards and system activity, as well as engaged its own nationally recognized forensic investigative firm to conduct a thorough independent review of the incident."

In short, Atrium and its vendor, AccDoc, are following advice we shared in our Malware Manual series: Improve Your Future Process as You Investigate Your Current Breach:

“This approach ensures your pre- and post-breach processes unite in a cyclical continuum that helps your organization keep pace with evolving threats… We advocate you review 10 issues – data landscape, security culture, third-party contracts, organizational hierarchy, IT history, network configurations, security budget, security of your products and services, outsourcing policy and infrastructure-to-employee ratio – every time any one of them is compromised by malware or an attack.”

Want to increase your odds of avoiding a data breach in the first place? Check out our post:
“Want to Defend Against Data Breaches? Assume You’re Already Compromised.”