The Chattanooga Heart Institute

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Overview of the Chattanooga Heart Institute Data Breach

The Chattanooga Heart Institute (CHI) in Tennessee experienced a significant cybersecurity incident, which was first identified on April 17, 2023. This breach involved unauthorized access to CHI’s network between March 8, 2023, and March 16, 2023. The investigation revealed that an unauthorized third party obtained copies of some data from CHI’s systems, which contained confidential patient information. The data compromised in this breach includes names, mailing addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, Social Security numbers, account information, health insurance information, diagnosis/condition information, lab results, medications, and other clinical, demographic, or financial information[1][3][5].

Immediate Response and Actions Taken

Upon discovering the breach, CHI took immediate steps to secure its network and initiated an investigation with the help of an external forensics vendor. The institute also notified federal law enforcement and isolated impacted systems for investigation. Once secured, systems were returned to the network with additional security and monitoring tools. CHI has committed to completing a thorough forensic investigation of the incident[1].

Impact and Notification

It is estimated that up to 170,450 patients could be affected by this cyberattack[3]. CHI is in the process of identifying which individuals’ information may have been involved and has begun sending out notification letters by US mail to those potentially impacted. These letters provide details on the information compromised and offer identity monitoring services at no cost, including Credit Monitoring, Fraud Consultation, and Identity Theft Restoration, through Equifax[1].

Legal and Community Response

Following the breach announcement, two separate federal class-action lawsuits were filed against CHI, alleging that the facility failed to notify customers of the data breach in a timely manner. These lawsuits are calling for damages and for CHI to pay for credit monitoring services for 10 years[11]. Additionally, a law firm has initiated an investigation into CHI with respect to the data breach[9].

Recommendations for Affected Individuals

CHI advises all patients to review their healthcare statements for accuracy and report any discrepancies. Further protective steps include those recommended by the Federal Trade Commission regarding identity theft protection, such as placing a fraud alert or a security freeze on credit files[1].

Conclusion

The Chattanooga Heart Institute is actively working to address the consequences of this cybersecurity incident and has taken steps to enhance its network security to prevent similar events in the future. Affected individuals are encouraged to take advantage of the identity monitoring services provided and remain vigilant in monitoring their personal information for any signs of unauthorized use[1][3][5].

Citations:

  1. https://www.chattanoogaheart.com/the-chattanooga-heart-institute-notice-of-data-security-incident/
  2. https://www.heart.org
  3. https://www.hipaajournal.com/170450-cyberattack-the-chattanooga-heart-institute/
  4. https://www.mayoclinic.org
  5. https://www.jdsupra.com/legalnews/the-chattanooga-heart-institute-4163755/
  6. https://www.piedmont.org
  7. https://newschannel9.com/news/local/chattanooga-heart-institute-warns-customers-hackers-stole-some-patient-data-breach-sensitive-information-credit-monitoring
  8. https://www.chattanoogan.com/2024/2/13/482653/Usher-s-Rise-To-A-Super-Bowl-Throne.aspx
  9. https://www.chattanoogan.com/2023/8/2/472696/Law-Firm-Investigating-Chattanooga.aspx
  10. https://hcahealthcare.com
  11. https://newschannel9.com/news/local/2-separate-class-action-lawsuits-filed-against-chattanooga-heart-institute-over-recent-data-breach
  12. https://www.chattanoogan.com/2024/2/13/482631/232-Apartments-Get-OK-Near-Lee-Highway.aspx
  13. https://thehipaaetool.com/chattanooga-heart-institute-breach-list-doubles/
  14. https://www.wdrb.com/sports/bozich-louisville-disappears-in-second-half-of-89-77-loss-at-boston-college/article_388190d2-cae6-11ee-b542-7b34fe448d47.html
  15. https://www.timesfreepress.com/news/2023/aug/01/chattanooga-heart-institute-investigating/
  16. https://www.wkrn.com/weather-headlines/tn-forecast-strong-storms-followed-by-snow/
Breach Submission Date Jul 28, 2023
Converted Entity Name The Chattanooga Heart Institute
Converted Entity Type Healthcare Provider
State TN
Individuals Affected 170,450
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes