On April 17, 2023, The Chattanooga Heart Institute identified indications of a cybersecurity attack on its IT network. The Chattanooga Heart Institute immediately took steps to secure its network and began an investigation with the assistance of an external forensics vendor. The investigation determined that an unauthorized third party gained access to The Chattanooga Heart Institute’s network between March 8, 2023, and March 16, 2023. On May 31, 2023, The Chattanooga Heart Institute learned that the unauthorized third party obtained copies of some of the data from its systems containing confidential patient information. It is important to note, however, that the unauthorized third party did not retrieve data directly from The Chattanooga Heart Institute’s Electronic Medical Record (EMR).
While The Chattanooga Heart Institute continues to complete an extensive review of the files involved, the investigation found that the unauthorized third party may have accessed or acquired some information related to The Chattanooga Heart Institute patients or their guarantors. The information in the files may have included name, mailing address, email address, phone number, date of birth, driver’s license number, Social Security number, account information, health insurance information, diagnosis/condition information, lab results, medications and other clinical, demographic or financial information.
Upon discovering the unauthorized third-party access, The Chattanooga Heart Institute took quick action to protect its systems, contain the incident, begin an investigation and maintain continuity of care. In addition, The Chattanooga Heart Institute notified federal law enforcement. Once secured, systems were returned to the network with additional security and monitoring tools.
Notification letters to individuals whose data may be involved will begin to be sent out by US mail over the coming weeks as the detailed review of each file is completed. To help relieve concerns and restore confidence following this incident, The Chattanooga Heart Institute has secured the services of Equifax to provide identity monitoring at no cost to individuals whose data may be involved. These identity monitoring services, as described in more detail in the individual notification letters being provided to affected individuals, include Credit Monitoring, Fraud Consultation and Identity Theft Restoration.
The Hidden Risks of QAC Disinfectants in Healthcare Facilities
Sprinkler Compliance: Navigating Code Mandates, Renovation Triggers and Patient Safety
Baptist Health Acquires South Arkansas Regional Hospital
Wider View: Planning LED Upgrades Across a Healthcare Portfolio
Cone Health Plans Hospital in Forsyth County of North Carolina