Charlotte, N.C.-based Atrium Health notified patients that an April phishing attack on its home health service may have exposed their protected health information.
On April 8, Atrium said it learned that an unauthorized user gained access via a phishing tactic to an Atrium Health at Home employee's email and messaging account between April 7 and April 8.
The compromised accounts contained the personal health information of patients, including names, addresses, dates of birth and health insurance information. A limited number of patients may have also had their Social Security numbers, driver's license numbers and financial account numbers compromised in the breach.
Dan Fogleman, senior director, enterprise communications of Atrium, told Becker's that fewer than 7,000 patients were affected by the breach.
Atrium said it is mailing letters to the affected patients and hasn't determined whether the unauthorized user accessed the protected health information in the accounts.