Atrium Health has issued a public notification regarding a privacy issue that potentially exposed patient data through the use of online tracking technologies on its MyAtriumHealth Patient Portal. The issue stems from tracking tools active between January 2015 and July 2019, which may have transmitted limited personal information to third-party vendors, such as Google and Meta.
The discovery followed a broader industry-wide scrutiny of online tracking technologies on healthcare websites in June 2022. Although Atrium Health confirmed in 2022 that these tools were no longer active on the Patient Portal, a subsequent investigation earlier this year revealed that tracking tools had been historically employed from 2015 to 2019. These tools were used to enhance user experience but unintentionally may have transmitted data to external vendors.
Atrium Health clarified that while it cannot conclusively determine the extent of the data transmission, it has taken a cautious approach by assuming all users of the portal during the specified period could have been affected.
The Patient Portal, accessible via both a website and mobile application, may have shared the following types of user data:
- IP address, unique third-party cookies, and browser-specific identifiers.
- Data embedded in URLs or button text, potentially including limited treatment or provider information.
- For users who completed forms, shared data could include name, email address, phone number, city, state, ZIP code, and gender.
No sensitive information such as Social Security numbers, financial details, or payment card information was involved. Atrium Health emphasized that the nature of the affected data poses a minimal risk of identity theft or financial harm.
Atrium Health, formerly known as Carolinas HealthCare prior to February 2018, operates a vast network of healthcare facilities in the Carolinas. The MyAtriumHealth Patient Portal serves as a digital platform for patients to access medical records, schedule appointments, and manage their care. However, this issue was limited to patients using the portal at Atrium Health facilities in Mecklenburg County, North Carolina, and surrounding areas. Affiliates such as Atrium Health Wake Forest Baptist and others were unaffected.
According to the U.S. Department of Health and Human Services Office for Civil Rights breach portal, the exposure impacts up to 585,959 patients of Atrium Health.
In response to the incident, Atrium Health has:
- Disabled and removed all online tracking tools from the Patient Portal since 2019.
- Strengthened monitoring and security systems to prevent future incidents.
- Conducted a comprehensive review of its technology usage to align with privacy commitments.
- Patients concerned about the issue are encouraged to manage online tracking by adjusting browser settings or reviewing privacy configurations on platforms like Google and Meta.
Atrium Health has also set up a dedicated call center to address patient questions at (866) 676-6532, available Monday through Friday, 9 a.m. to 6:30 p.m. ET, excluding holidays.
Tor Project Retires BridgeDB in Favor of Rdsys to Fight Censorship
Leave a Reply