Cyber Incident Victim: Atrium Health

In early April 2022, Atrium Health at Home experienced a phishing incident impacting 6,695 patients. Between April 7 and April 8, an unauthorized party gained access to an employee’s business email and messaging account through a phishing scam. The organization’s investigation revealed the intruder’s behavior suggested a focus on distributing additional phishing emails rather than targeting specific medical or health information. Despite thorough forensic analysis, Atrium Health could not conclusively determine whether the attacker had accessed or exfiltrated personal information from the compromised account. The exposed data included patient names, dates of birth, health insurance details, medical information, and physical addresses. A smaller subset of records contained Social Security numbers, driver’s license numbers, and financial account information, though the organization found no evidence of actual misuse of this sensitive data.

Upon discovering the breach, Atrium Health immediately implemented containment measures including password resets for the affected account to prevent further unauthorized activity. The organization notified law enforcement authorities and conducted a comprehensive review of its security protocols. In response to the incident, Atrium Health enhanced existing security controls and committed to ongoing evaluation of additional safeguards to reduce future risks. The healthcare provider emphasized its regular phishing awareness training programs for employees as part of its security strategy. Atrium Health’s public notification acknowledged the inherent challenges in definitively determining data access in such incidents while maintaining transparency about the compromised information types. The organization’s response highlighted its operational security improvements without confirming any concrete evidence of data misuse by the threat actor.