Notice of Security Incident

AtriCure, Inc. is committed to protecting the privacy of our employees’ information. We are in the process of notifying current and former employees, as well as beneficiaries and dependents of those employees, of an incident involving unauthorized access to data maintained by the AtriCure, Inc. Group Health Plan. This notice describes the incident, measures we have taken, and some steps that individuals may consider taking in response.

We determined that an employee email account was accessed without authorization for a limited period of time on March 8, 2021. We immediately took steps to secure the account, began an internal investigation, and hired a cybersecurity firm to assist. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the account. To identify individuals whose information may have been involved, we reviewed the contents of the email account that was accessible to the unauthorized person. From this review, on April 7, 2021, we discovered that the emails contained in the account may have included information relating to the AtriCure, Inc. Group Health Plan, including member names, addresses, dates of birth, Social Security numbers, financial account information, clinical information, and health insurance claims information.

We have no indication that any information was actually viewed by the unauthorized person, or that it has been misused. However, out of an abundance of caution, on June 4, 2021, we began notifying individuals whose information was involved in the incident. We are offering individuals involved in the incident with a complimentary membership to Experian’s® IdentityWorksSM, which includes credit monitoring, fraud consultation, and identity theft restoration services. We recommend that current and former employees, and their beneficiaries and dependents, remain vigilant for signs of unauthorized activity by reviewing any statements that they receive relating to their health insurance. If they identify any charges or activity that they did not authorize, they are encouraged to contact AtriCure immediately.

AtriCure sincerely regrets that this incident occurred and apologizes for any inconvenience this may have caused. To help prevent something like this from happening again, and to further protect health plan data, AtriCure is enhancing its existing security protocols and re-educating staff for awareness on these types of incidents. If you would like more information about the incident, please call our dedicated call center at 1-877-420-0507, Monday through Friday, from 8:00 A.M. through 5:00 P.M. Eastern Time, excluding major U.S. holidays.