Notice from Atrium Health Regarding Cyber Security Incident

November 27, 2018

Atrium Health, which performs billing functions for some NHRMC Physician Group practices, is notifying patients and the public today of potential unauthorized access to patient data through one of Atrium’s billing vendors, AccuDoc Solutions.

A notice will be posted on the nhrmc.org and nhrmcphysiciangroup.org websites and Atrium and AccuDoc are sharing additional information through a separate FAQ page and toll-free number.  Please read the message from Atrium below and direct any patient inquiries to the resources cited. As always, questions from the media should be directed to our Marketing and Public Relations Department at 612-7999.

Please note that the message from Atrium indicates that some records in the AccuDoc database included Social Security numbers, but the NHRMC Physician Group records did not.

This breach was separate from NHRMC systems and we remain vigilant in protecting our patients’ privacy. Thank you for your continued support of our efforts.

Message to Teammates from Atrium Health

As you know, protecting the confidentiality and security of our patients’ information is a top priority at Atrium Health. Because many of our teammates are also our patients, we wanted you to be the first know that regrettably, we will be notifying the public about a recent cyber incident that may have involved patient information later today.

On October 1, 2018, one of Atrium Health’s billing vendors, AccuDoc Solutions, informed them that they had been the victim of a cyber incident and that certain information belonging to Atrium Health and certain Regional partners, including NHRMC Physician Group, may have been accessed by an unauthorized third-party between September 22, 2018 and September 29, 2018.   This information may have included patient and guarantor names, addresses, dates of birth, insurance policy information, medical record numbers, invoice numbers, account balances, dates of service and, in some instances, Social Security numbers. 

Based on the review of several expert forensic firms, personal clinical and medical records were not accessed during this incident, nor was financial account information (such as bank account numbers, credit card, or debit card information).  It is also important to note that NHRMC Physician Group’s internal systems, including its electronic medical record system, were not accessed during this security incident.

While the information was not removed from AccuDoc’s systems and we are not aware of any misuse of the data involved, we understand how this incident may cause concern.

Here are a few key things you need to know: 

  • Starting November 27, 2018, we are sending letters to people whose information may have been in the affected databases.  These letters explain what happened in more detail and provide important information and guidance. 
  • We have a list of frequently asked questions posted at www.krollfraudsolutions.com/AccuDocIncident.  Those affected by this incident can also call a toll-free number, 1-833-228-5726, for more information. It is available Monday through Friday, 9 a.m. to 6 p.m. EST. 

If patients or others have questions about this incident, please refer them to the above website and the toll free number for more information.

We are committed to protecting patient information and we deeply regret any inconvenience and concern the vendor’s security incident may cause. We appreciate your continued support for privacy and security and for all you do to care for our patients.