Atrium Health data breach: Phishing attack exposes sensitive consumer information

On September 13, 2024, Charlotte-Mecklenburg Hospital Authority, operating as Atrium Health, confirmed a data breach following an email phishing attack on its employees. Initially discovered on April 29, 2024, the breach allowed unauthorized access to employee email accounts, potentially exposing sensitive consumer information.

Atrium Health’s investigation revealed that the phishing attack occurred between April 29 and April 30, 2024. The compromised data includes names, Social Security numbers, driver’s license numbers, financial account information, medical and health insurance details, digital signatures, birth dates, and email addresses. The healthcare provider completed its review of the affected data by July 17, 2024.

In response, Atrium Health enlisted third-party forensics experts to assist with the investigation and immediately secured its systems. On September 13, 2024, the company posted a public notice and sent data breach notification letters to affected individuals. These letters detail the specific information compromised in the attack.

Consumers impacted by the breach are urged to remain vigilant and consider taking preventive measures against potential fraud and identity theft. Legal options and assistance are available for those affected, and further updates are expected as more information becomes available.

Atrium Health is a large hospital network based in Charlotte, North Carolina, serving several states across the Southeast with 40 hospitals and a range of other healthcare facilities. The network employs over 70,000 individuals and generates roughly $12.9 billion annually.