Atrium Health, previously Carolinas HealthCare System, said today that data of about 2.65 million patients including addresses, dates of birth and social security numbers may have been compromised in a breach at its third-party provider AccuDoc Solutions.
Atrium, which provides healthcare and wellness programs throughout the Southeast region in the United States, said a review revealed an unauthorized access to AccuDoc’s databases between Sept. 22 and Sept. 29.
Pravin Kothari, CEO at CipherCloud:
Now, with the Atrium Health breach the ball for the 2nd half of 2018 threatens to set a new half record with over 2.65 million patient records in just one reported event. The moral of the story? Healthcare security, both on-premise and in the cloud, has not caught up with best practices and likely won’t do so anytime soon.
Note that CipherCloud lab analysis is based upon our sources of data which reflect large breaches in the U.S. impacting over 500 patients. This data, in great part, is derived from data which must be reported to the U.S. HHS OCR in the event of a healthcare data breach. HHS OCR administers Health Insurance Portability and Accountability (HIPAA) compliance, which can levy very substantial fines in the event that electronic personal health information (ePHI) has not been protected adequately.“
George Wrenn, CEO and Founder at CyberSaint Security:
If nothing else, unknown risks within a supply chain can fuel fear around expansion. According to Gartner, 75% of the Fortune 500 will treat Vendor Risk Management as a board-level issue by 2020, driven by uncertainty and the pressing need to manage risk.
Every stakeholder should have easily accessible visibilityinto where risks lie within any given vendor list, and should be able to have the insights from that information to take meaningful action. There needs to be a better way to manage the growing risk that comes with expanding businesses.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.