On October 1, 2018, AccuDoc Solutions informed Atrium Health that it had been the victim of a cyber incident involving AccuDoc’s systems. Based on an investigation of AccuDoc’s systems, we understand that an unauthorized third party gained access to AccuDoc’s databases between September 22, 2018 and September 29, 2018 through a website for an unrelated client.
This incident may have involved personal information provided in connection with payment for health services at an Atrium Health location (formerly Carolinas HealthCare System) and at locations managed by Atrium Health, including Blue Ridge HealthCare System, Columbus Regional Health Network, NHRMC (New Hanover Regional Medical Center) Physician Group, Scotland Physicians Network, and St. Luke’s Physician Network (collectively, the “Managed Locations”).
We sincerely regret this incident occurred regarding AccuDoc’s databases, and we apologize for any inconvenience. If you have questions or would like additional information, please call toll-free 1-833-228-5726 Monday through Friday from 9:00 a.m. to 6:00 p.m. Eastern Time.
AccuDoc is a billing vendor that provides billing services to healthcare providers, including Atrium Health and to certain locations that Atrium Health manages. These services include preparing the paper billing statements you receive in the mail. AccuDoc also operates the website where patients and guarantors can pay online for health care services. AccuDoc needs patient and guarantor information to carry out these billing services and to help manage your or your family member’s accounts.
The unauthorized access to AccuDoc’s systems occurred between September 22, 2018 and September 29, 2018. AccuDoc informed Atrium Health about the cyber incident on October 1, 2018.
If you received a notice letter from AccuDoc and Atrium Health, then our review showed that some of your personal information may have been in the databases that the unauthorized third party accessed. If you did not receive a letter but believe that you should have, please call toll-free 1-833-228-5726 Monday through Friday from 9:00 a.m. to 6:00 p.m. Eastern Time for more information.
If you received a letter and it did not specifically state that your Social Security Number may have been involved, then it was not involved in this incident.
No. Financial account information (bank account numbers, credit card information, or debit card information) was not involved in this incident.
No. Atrium Health’s own systems and those of our Managed Locations were not affected by this cyberattack on AccuDoc, and clinical information and medical records systems were not accessed.
Based on reviews by nationally-recognized forensic investigators, information belonging to Atrium Health and its Managed Locations does not appear to have been taken from AccuDoc’s systems.
Based on our review of the databases involved, the information involved may have included certain personal information about patients and guarantors (a person responsible for paying a patient’s bill), including first and last name, home address, date of birth, insurance policy information, medical record number, account balance, and dates of service. For some individuals, the personal information may also have included Social Security Numbers. If your letter does not specifically state that your Social Security Number may have been included in the affected information, then it was not involved in this incident.
A guarantor is someone who is responsible for paying a patient’s health care bills. For example, a guarantor is often someone who has health insurance covering the patient, such as the patient’s parent or spouse.
The incident involved AccuDoc’s systems and databases. Atrium Health’s systems were not involved and the systems of its Managed Locations were not involved. In addition, clinical information and medical records systems were not involved.
Atrium Health is the new name for Carolinas HealthCare System. If you received a letter from AccuDoc and Atrium Health, it is because you likely received or paid for patient care services from one of the hospitals, urgent cares, or physician practices that Atrium Health owns or manages.
Both AccuDoc and Atrium Health have been working tirelessly to investigate the incident since it was discovered. Cybersecurity investigations can be very complicated and it was important that we accurately understood what happened and properly identified who was affected. Both AccuDoc and Atrium Health engaged their own forensic investigators to review the incident and alerted the Federal Bureau of Investigation (FBI).
AccuDoc and Atrium Health both take the privacy and security of our customers’ personal information very seriously. As soon as AccuDoc discovered the incident, it immediately terminated the unauthorized access and took steps to secure its affected databases and enhance its security controls. Atrium Health has reviewed its security safeguards and remains vigilant for similar types of incidents. AccuDoc and Atrium Health each engaged forensic investigators and also have been in contact with the FBI.
Yes, both AccuDoc and Atrium Health have been in contact with the Federal Bureau of Investigation (FBI). Personal information was not shared in those conversations.
Receiving a notice letter does not necessarily mean that you have been a victim of identity theft. We do, however, encourage you to remain vigilant in monitoring your account statements for any suspicious activity and to promptly report such incidents. For example, you might consider routinely reviewing bills, notices, statements, and explanations of benefits that you receive from financial institutions, hospitals, doctors, and health insurance companies. Also, if you received a letter, then a Reference Guide was included with information about general steps individuals can take to protect their information. For your convenience, you can also find the Reference Guide here.
If your Social Security Number was included in the information on AccuDoc’s database, the notice letter you receive will indicate that you are being offered identity monitoring services, free of charge. It is your choice whether to receive the identity monitoring services, and you must enroll in the services in order to receive them. More information on how to enroll in these services can be found in the notice letter sent to you, or by calling toll-free 1-833-228-5726 Monday through Friday from 9:00 a.m. to 6:00 p.m. Eastern Time. Remember that you will need your Membership Number, which is listed in your notice letter. Please note that you must register by February 28, 2019 in order to participate in the free identity monitoring services.
Please call toll free at 1-833-228-5726 Monday through Friday from 9:00 a.m. to 6:00 p.m. Eastern Time with any questions.
Yes, you can certainly pay your bill online as you normally would do. AccuDoc and Atrium Health both take the privacy and security of our customers’ personal information very seriously and confirmed that AccuDoc has security safeguards in place. If you would prefer to pay your bill by other means, such as by phone or mail, you can do so. See your bill for more information.