The data breach impacted patients who used the “MyAtriumHealth” and “MyCarolinas” portals between January 2015 and July 2019. Atrium says information may have been unintentionally shared with third-party vendors like Facebook and Google.
Patient names, email addresses and treatment information could have been exposed, according to Atrium Health. The company says no Social Security numbers or financial information was involved in this data breach.
“There is no evidence that any information that may have been shared with these third parties has been misused in any way,” the company’s statement reads in part. “Moreover, the nature of the information that could have been collected would be very unlikely to result in identity theft or any financial harm. However, in light of our investigation and findings, combined with our commitment to transparency and protecting your privacy, we are providing notice of this situation. We take this matter very seriously and we’re continuing to monitor our information security systems, making improvements and enhancements where appropriate and evaluating any use of online technologies, consistent with our commitments to patient privacy.”
The company says it cannot determine the full extent of the leak, but it is notifying the potentially impacted patients.
