athenahealth Data Incident Exposes Sensitive Patient Data

Will Gendron, Editor in Chief
Published: November 19, 2024
Updated: December 5, 2024
Types of Information Affected

  • Names
  • Social Security numbers
  • Dates of birth
  • Addresses
  • Government IDs
  • Medical information
  • Financial information

On September 16, 2024, athenahealth, Inc., a well-known electronic health record and revenue cycle management vendor, experienced a data breach that potentially affected a significant number of individuals.

The breach was discovered when an insurance provider notified athenahealth that certain patient insurance eligibility queries and responses—collectively known as Eligibility Transaction Files—were inadvertently made publicly accessible on the internet.

This exposure was due to a one-time, manual error in configuring the repository where these files were stored. The files were believed to have been uploaded on or after April 3, 2024.

The information exposed in this incident included:

  • Social security numbers
  • Medical records

athenahealth's Response

Upon learning of the breach, athenahealth took immediate action to remove the exposed files from the public repository. The company launched an investigation to understand how the breach occurred and identified the root cause as a configuration error. In response, athenahealth is evaluating additional safeguards, workflows, and process requirements to prevent similar incidents in the future.

They are also providing training and education to the individual responsible for the error.

To support affected individuals, athenahealth is offering complimentary access to Experian IdentityWorks for 12 to 24 months, depending on the individual's circumstances. This service includes identity restoration support and fraud detection tools.

Steps for Affected Individuals

If you believe you may have been affected by this data breach, there are several steps you can take to protect yourself:

  1. Enroll in Identity Protection: Take advantage of the complimentary Experian IdentityWorks membership offered by athenahealth. This service provides credit monitoring, internet surveillance, and identity restoration support.
  2. Monitor Your Accounts: Regularly check your credit reports and financial statements for any unauthorized activity. You are entitled to one free credit report annually from each of the three major credit reporting agencies.
  3. Consider a Fraud Alert or Credit Freeze: You may place a fraud alert on your credit file, which instructs creditors to take extra steps to verify your identity before opening new accounts. Alternatively, a credit freeze can prevent new credit from being opened in your name without your consent.
  4. Stay Informed: Keep an eye on any communications from athenahealth regarding updates or further protective measures.

For more detailed information, you can view the disclosure on the Massachusetts Attorney General's website.


Affected Entity: athenahealth
Information Types Exposed

  • Social Security numbers
  • Medical records
