Atrium Health has issued an apology to its patients following a data disclosure issue where personal information may have been shared with third-party vendors, including tech giants Google and Facebook, through the use of online tracking technologies on its patient portal. This potential breach concerned data from users of the MyAtriumHealth or MyCarolinas patient portal during a time span from January 2015 through July 2019.
The Charlotte-based healthcare provider began notifying those potentially affected after it has been discovered that pixels, commonly utilized for tracking online user activities, might have inadvertently transmitted personal data to third parties. The healthcare system was spurred into a comprehensive review of its patient portals after concerns regarding such tracking technologies were raised nationally in June 2022, as per a notification released by Atrium Health. However, it should be pointed out that as of their last review, no financial data such as Social Security numbers or credit card information were believed to have been divulged, as reported by Becker's Hospital Review.
In a letter to patients, Atrium Health stated it had "assumed that all users whose MyAtriumHealth or MyCarolinas Patient Portal was accessed from January 2015 - July 2019 may have been affected," with the level of impact potentially varying based on browser used, individual's accounts with Google or Facebook, and specific actions taken online. The company has not disclosed the exact number of patients who might have had their information shared in this manner, citing the inability to conclusively determine which data was transmitted.
"We apologize for any concern or inconvenience this may have caused and remain committed to protecting the confidentiality and security of our patients' information," Atrium Health conveyed in a statement obtained by Becker's Hospital Review. A myriad of personal details, excluding financial data, were potentially compromised, including names, email addresses, phone numbers, and information regarding patients' treatments or healthcare providers. Atrium Health assured that it has no evidence that the data was misused but has pledged to continuously enhance its security controls to minimize the risk of such occurrences in the future.
As of the June 2022 review, Atrium Health, despite no longer actively using the contentious pixel technology, appears to be proactively addressing the situation. This includes contacting potentially affected patients and publicly acknowledging the lapse. They have notified users through various channels and are continuing to assess and strengthen their cyber defenses to prevent similar incidents. Further updates and details about the data privacy issue are available in reports by WBTV.
