Once again, a healthcare provider’s data has been exposed through a breach of a third party vendor. On Tuesday, November 27th, 2018, Atrium Health (formerly known as Carolinas HealthCare System) notified 2.65 million customers that their information may have been accessed as a result of an attack on the company’s third party billing vendor, AccuDoc.
From September 22nd to September 29th, an unauthorized party was able to gain access to AccuDoc’s databases, which housed Atrium Health’s customer information. While the exact type and amount of data exposed is still unclear, Atrium has announced that it may include personal information such as names, addresses, dates of birth, policy information, medical records, invoices, account balances, dates of service, and social security numbers.
While this is far from the first third party data breach in the healthcare market, this attack is noteworthy both because of its size—if confirmed, this would be the largest healthcare data breach of 2018—as well as the fact that AccuDoc is a vendor for more than fifty hospitals and healthcare providers. As of now it is unknown whether any other clients of AccuDoc had their information exposed, but the fact that a malicious actor was able to access their databases at all emphasizes the inherent risk associated with third party vendors aggregating large amounts of client data. This stresses the need for firms to employ a comprehensive third party vendor risk management regiment.
Prevalent brings its partners the full toolkit for managing third party risk. Forrester recently named Prevalent a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions and noted that “Prevalent is best for companies that want one TPRM tool with integrated cyber-risk ratings. Given its robust risk intelligence and comprehensive risk management features, Prevalent is a worthy option for Security and Risk professionals seeking one tool for all cyber TPRM activities.”
As the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors, Prevalent provides the best solution for a highly-functioning, effective third party risk program.
To learn more about Prevalent, watch our video.
Daryan Ver Ploeg is an Open Source Intelligence Analyst with Prevalent’s Vendor Threat Monitor team based out of Washington, DC. He is a graduate of the University of Maryland, College Park with a Bachelor of Arts in Government and Politics.
A Microsoft zero-day exploit enables attackers to gain full admin privileges. Use this questionnaire to assess...