Cyber Incident Victim: Advent Health Partners

Advent Health Partners, a Nashville-based provider of claims management services to hospital groups, identified unauthorized access to certain employee email accounts in early September 2021. The organization initiated an investigation to assess the breach's scope and nature, concluding on December 8, 2021, that files within the compromised accounts had potentially been accessed by the threat actor. The breached email accounts contained limited data sets stored in attachments, which Advent Health Partners used for routine operational communications with health insurance companies. While the investigation did not specify the exact intrusion method or duration of unauthorized access, it confirmed the exposure of operational data related to claims management processes. Advent Health Partners notified affected individuals after confirming the potential data access, reporting the incident to the HHS Office for Civil Rights as affecting 1,383 individuals.

The organization implemented response measures including complimentary credit monitoring and identity theft protection services for impacted individuals. Advent Health Partners conducted a review of security policies following the breach and introduced additional technical safeguards specifically targeting email system security enhancements. No specifics were provided regarding the nature of the security upgrades or whether multi-factor authentication was implemented. The breach notification emphasized operational data exposure but did not detail specific data elements beyond referencing "limited data sets" used for insurance communications. Advent Health Partners maintained continuity of claims management services throughout the incident response period while coordinating breach notifications through standard regulatory channels.