Atrium Health Data Breach: What You Need to Know
Atrium Health recently announced a breach potentially affecting more than 2.6 million patient records. Per the release, they stated that the breach occurred via a third party partner, AccuDoc, a billing and tech services firm. The breach was said to include insurance policy information, medical record numbers, invoice numbers, account balances and dates of service. It is also estimated that as many as 700K of those include Social Security Numbers.
WATCH: WBTV Interviews Rebyc Security CEO, Keith Haskett on the Atrium Health Breach
As details emerge, AccuDoc has stated that the unauthorized access occurred via a third party vendor they were using. This is a pretty common practice when hackers are looking to gain access to highly sensitive and protected data. Basically, find the lowest hanging fruit and try to pivot or escalate privileges to gain access to the information they are seeking.
A spokesperson from Atrium stated that the records were accessed, but not downloaded. During an interview with WBTV, Keith Haskett, CEO of Rebyc Security, was asked to comment if patients should rest easier given this info. His response, “probably not.” They have stated the authorized third party had access for close to a week, which is plenty of time to screen scrape data or even manually transfer without risk of being tracked.
Data Breach Concerns? Be Offensive.
About Rebyc Security
We are a team of cyber security experts focused holistically on providing offensive security services. Our team is constantly researching and working on the latest ways to penetrate and exploit our clients. We are hired to do so, under the guise that it is much better to bring in a team of security experts to find exposures than to roll the dice and see if the bad guys find them first.
Our team is heavily experienced in regulated industries including Banking, Credit Unions, Insurance and Healthcare. Additionally, we have worked in a number of other industries including Retail and Software/SaaS Organizations. Our team will use its knowledge of multiple industries to customize a program that meets your organization’s security requirements. It’s getting increasingly difficult to stay ahead of the cyber security curve, so let our certified security professionals ease the burden for you.