The Chattanooga Heart Institute Pwned… 170K Patients Affected

The Chattanooga Heart Institute is notifying more than 170,000 patients that hackers may have stolen their personal and medical information in a cyberattack detected in April. The breach was claimed by the Karakurt cybercrime group a month later.

In their beach notice the clinic said that a forensics investigation into the incident had determined that hackers had access to its network between March 8th and March 16th, and on May 31 they learned that the hackers had obtained files from its systems containing copies of confidential patient information, and while medical information was among the data affected, the incident did not involve data directly from the clinic’s electronic medical record system.

The investigation is still ongoing, but the information identified as being compromised includes:

  • Name
  • Mailing address
  • Email address,
  • Phone number
  • Birthdate
  • Driver’s license number
  • Social Security number
  • Account information
  • Health insurance information
  • Diagnosis, medical condition
  • Lab results
  • Medications
  • Other clinical, demographic or financial information

Over the coming weeks as the review of each file is completed, the clinic will be sending out notification letters to those individuals whose data may have been involved.

Carol Volk, EVP, BullWall: (she/her):  

“Attackers will always find a way into the network. There is no set of preventative security tools that can prevent 100% of the attacks. While a strict defensive approach is worthwhile and critical, organizations would be wise to shift some of their effort to containing attacks once the perimeter has been breached. Encryption and exfiltration activities can be spotted and stopped, preventing a bad day from becoming a horrible day. A full cyber defense stack must prepare for this.”

This is a pretty bad hack as all the info that was obtained can lead to identity theft. Hopefully a full accounting of what happened and what will be done to protect the 170,000 patients who are affected by this will be disclosed.

Leave a Reply

%d bloggers like this: