Erlanger Health, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Erlanger Health, Inc., based in Tennessee, experienced a data breach involving the protected health information (PHI) of approximately 2,753 patients. The breach was a result of an unauthorized third party gaining access to software called MOVEit by Progress Software, which is used by Nuance Communications, Inc., a contracted partner of Erlanger Health, for securely moving electronic files[1][4].

The compromised PHI included patient names, dates of service, the services received, and, for some patients, the medical record number Erlanger uses internally as a unique patient identifier. It is important to note that no Social Security numbers or financial or account information were included with the files that were compromised[1].

The breach was first identified by Nuance Communications on August 2, 2023, and Erlanger Health was notified of the incident involving their patients’ data. Erlanger Health then took the necessary steps to notify the affected individuals of the improper access, use, or disclosure of their PHI, as required by law. Notification letters were mailed to the affected patients in mid-September[1][4].

Patients who had recently received imaging or radiology services or whose healthcare provider had requested a review of past imaging were the ones likely affected by this breach. Erlanger Health has provided a means for individuals to obtain more information from Nuance Communications if they believe they may have been affected by the incident[1].

The breach at Erlanger Health, Inc. is part of a larger series of incidents involving the MOVEit software, which also affected other healthcare providers and organizations[4].

Citations:

  1. https://www.erlanger.org/about-us/community-alert
  2. https://www.local3news.com/local-news/welltok-announces-data-breach-that-may-affect-chi-memorial-patients/article_4d2e5934-a7fa-11ee-be25-b7acc99837d4.html
  3. https://hacknotice.com/2023/09/18/erlanger-health-inc/
  4. https://www.hipaajournal.com/oak-valley-hospital-district-cyberattack-impacts-284k-patients/
  5. https://www.timesfreepress.com/news/2022/oct/06/it-shutdown-at-chi-memorial-unresolved-tfp/
  6. https://www.govinfo.gov/content/pkg/USCOURTS-tned-1_16-cv-00496/pdf/USCOURTS-tned-1_16-cv-00496-0.pdf
  7. https://www.timesfreepress.com/news/2021/oct/29/erlanger-board/
  8. https://www.calhipaa.com/cyberattack-reported-by-oak-valley-hospital-dms-health-technologies-and-jordan-valley-community-health-center/
  9. https://ryortho.com/breaking/hospital-and-ortho-group-fight-back-against-cybercriminals/
  10. https://www.beckershospitalreview.com/legal-regulatory-issues/erlanger-health-sues-management-company-for-alleged-breach-of-contract.html
  11. https://www.timesfreepress.com/news/2023/sep/05/healthy-concern-chattanooga-cybersecurity-expert/
  12. https://casetext.com/case/vandergriff-v-erlanger-health-sys
  13. https://www.local3news.com/local-news/cyber-security-team-sees-rise-in-data-breaches-among-hospitals-schools-and-businesses/article_c279bf20-b101-11ee-b34e-2ff107f49193.html
  14. https://ryortho.com/breaking/ortho-surgeon-whistleblowers-sue-erlanger-health-system/
  15. https://www.erlangerbh.com/about/privacy-practices/
  16. https://www.chattanoogan.com/2005/10/24/74681/Erlanger-Agrees-To-Pay-40-Million-On.aspx
  17. https://www.reddit.com/r/Chattanooga/comments/12i680e/corruption_lies_and_greed_at_erlanger/?rdt=47095
Breach Submission Date Sep 18, 2023
Converted Entity Name Erlanger Health, Inc.
Converted Entity Type Healthcare Provider
State TN
Individuals Affected 2,753
Breach Type Hacking/IT Incident

Breach Information Location Other

Business Associate Present Yes