Why Atrium just apologized to everyone who used its patient portal between 2015-2019
Atrium Health publicly apologized to patients and is notifying people who may have been impacted by an online data disclosure spanning 4 1/2 years before the pandemic, the healthcare giant announced Monday.
Personal information may have been sent to third-party vendors such as Google, Facebook (now Meta) and similar media platforms via internet tracking technologies from January 2015 through July 2019, Atrium said.
“Out of an abundance of caution,” and because it cannot determine what data was transmitted to the third parties, Atrium said it assumed that all users of MyAtriumHealth or MyCarolinas patient portal were probably affected.
No Social Security number, financial account, credit card or debit card information was involved, based on the health system’s review. But other details, such as patients’ names, email addresses, phone numbers and their treatment or provider may have been shared with the vendors, Atrium said.
Atrium did not provide a total number of people impacted by the incident in a public notice or when asked Monday by The Charlotte Observer. The company is continuing to monitor its information security systems while making improvements to its online technologies.
How Atrium concerns began
In June 2022, internet tracking technologies on health care systems websites across the U.S. were called into question, Atrium said. It said it checked its system and found it was not using the tech that was raising concerns.
But while reviewing its online tech again this year, Atrium said it realized that the technology had indeed been used in its patient portal before it was removed or disabled in July 2019.
There’s no evidence that the information was misused, according to Atrium. It also said it’s unlikely that identity theft or financial harms occurred.
Patients may have been impacted differently, Atrium said, based on their choice of web browsers, configurations, blocking methods, clearing or use of cookies, and if they had accounts with third-party vendors like Google.
People with questions about the incident call 866-676-6532 from 9 a.m. to 6:30 p.m. Monday through Friday.
An earlier Atrium apology
This is the second public apology from Atrium in recent months.
In September, Atrium apologized to patients impacted by a malicious email sent to employees in April. Social Security numbers may have been among the personal information exposed to the criminals.
An unauthorized third party gained access to a group of employees’ emails through phishing, according to Atrium. Phishing occurs when an email looks trustworthy but deception is used to get information or access to online accounts.
About Atrium Health
Atrium Health is a part of Charlotte-based Advocate Health. The hospital system is the third-largest nonprofit health system in the U.S. and serves about 6 million patients.
More than 155,000 employees work in 68 hospitals and over 1,000 health care locations.
This story was originally published December 2, 2024 at 2:09 PM with the headline "Why Atrium just apologized to everyone who used its patient portal between 2015-2019."
