Atrium Health announced they’ve suffered from a ransomware attack following unauthorized access on Blackbaud’s management software.
According to the notice, a cyberattack affected Blackbaud’s database, including its customer Atrium Health. This attack compromised the personal information of patients, including their personal names, the birth of date, and the doctor’s name.
Blackbaud only discovered the unauthorized access to its systems on May 14, 2020, but after a series of investigations, they’ve found out the breach happened from Feb. 7 to May 20. Upon the discovery, the data management firm ‘lock hackers out of its systems.’
Atrium Health notified all affected customers through mail and announced the breach on its website. In the notice, it’s stated that cybercriminals removed a copy of the back-up database belonging to Blackbaud’s customers, including Atrium Health.
Blackbaud also paid an undisclosed ransom to the criminals to delete the data from the systems and hired a third-party cybersecurity firm to monitor actions involving the dataset. However, the company already identified and patched the issue, which caused the data leak.
Atrium Health ensures the public that no medical records, medications, credit card information, and bank account data were compromised or stolen.
“It is important to note that the affected information did not include any Social Security numbers, credit card information, or bank account information. Blackbaud does not and did not have any access to medical records nor to any information about patient prognosis, medications, or test results,” stated in Atrium Health notice.
Blackbaud notified Atrium Health on July 16 of the ransomware attack on its systems. The number of affected customers was not announced, but the impact could be massive as Atrium operates in different locations including Charlotte, Georgia, and Carolina.
Meanwhile, Atrium Health also disclosed that questions remained unanswered as Blackbaud is still conducting further investigation. However, the healthcare firm said, “we are diligently pursuing both answers and resolutions. We are very concerned about this event and are carefully evaluating our next steps.”
This isn’t the first time Atrium Health experienced a data breach. In 2018, another hacking caused its data provider AccuDoc Solutions to expose the data of 2.65 million patients. AccuDoc Solutions handled the patients billing through the online billing system.
About 44 hospitals run by Atrium Health were affected, exposing the crucial records of customers’ names, insurance policy details, medical record numbers, account balances, and dates of service.
At the moment, Atrium Health remains alert and continues its review of security safeguards.