Erlanger Health, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Erlanger Health, Inc., based in Tennessee, experienced a data breach involving the protected health information (PHI) of approximately 2,753 patients. The breach was a result of an unauthorized third party gaining access to software called MOVEit by Progress Software, which is used by Nuance Communications, Inc., a contracted partner of Erlanger Health, for securely moving electronic files[1][4].
The compromised PHI included patient names, dates of service, the services received, and, for some patients, the medical record number Erlanger uses internally as a unique patient identifier. It is important to note that no Social Security numbers or financial or account information were included with the files that were compromised[1].
The breach was first identified by Nuance Communications on August 2, 2023, and Erlanger Health was notified of the incident involving their patients’ data. Erlanger Health then took the necessary steps to notify the affected individuals of the improper access, use, or disclosure of their PHI, as required by law. Notification letters were mailed to the affected patients in mid-September[1][4].
Patients who had recently received imaging or radiology services or whose healthcare provider had requested a review of past imaging were the ones likely affected by this breach. Erlanger Health has provided a means for individuals to obtain more information from Nuance Communications if they believe they may have been affected by the incident[1].
The breach at Erlanger Health, Inc. is part of a larger series of incidents involving the MOVEit software, which also affected other healthcare providers and organizations[4].
Citations:
- https://www.erlanger.org/about-us/community-alert
- https://www.local3news.com/local-news/welltok-announces-data-breach-that-may-affect-chi-memorial-patients/article_4d2e5934-a7fa-11ee-be25-b7acc99837d4.html
- https://hacknotice.com/2023/09/18/erlanger-health-inc/
- https://www.hipaajournal.com/oak-valley-hospital-district-cyberattack-impacts-284k-patients/
- https://www.timesfreepress.com/news/2022/oct/06/it-shutdown-at-chi-memorial-unresolved-tfp/
- https://www.govinfo.gov/content/pkg/USCOURTS-tned-1_16-cv-00496/pdf/USCOURTS-tned-1_16-cv-00496-0.pdf
- https://www.timesfreepress.com/news/2021/oct/29/erlanger-board/
- https://www.calhipaa.com/cyberattack-reported-by-oak-valley-hospital-dms-health-technologies-and-jordan-valley-community-health-center/
- https://ryortho.com/breaking/hospital-and-ortho-group-fight-back-against-cybercriminals/
- https://www.beckershospitalreview.com/legal-regulatory-issues/erlanger-health-sues-management-company-for-alleged-breach-of-contract.html
- https://www.timesfreepress.com/news/2023/sep/05/healthy-concern-chattanooga-cybersecurity-expert/
- https://casetext.com/case/vandergriff-v-erlanger-health-sys
- https://www.local3news.com/local-news/cyber-security-team-sees-rise-in-data-breaches-among-hospitals-schools-and-businesses/article_c279bf20-b101-11ee-b34e-2ff107f49193.html
- https://ryortho.com/breaking/ortho-surgeon-whistleblowers-sue-erlanger-health-system/
- https://www.erlangerbh.com/about/privacy-practices/
- https://www.chattanoogan.com/2005/10/24/74681/Erlanger-Agrees-To-Pay-40-Million-On.aspx
- https://www.reddit.com/r/Chattanooga/comments/12i680e/corruption_lies_and_greed_at_erlanger/?rdt=47095