The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

411,400 Patients Affected by Cyberattack on the Chattanooga Heart Institute

Posted By on Aug 2, 2023

The Chattanooga Heart Institute (CHI) in Tennessee has recently announced that it identified a cyberattack on its network on April 17, 2023. Action was immediately taken to prevent further unauthorized access and a third-party forensics vendor was engaged to investigate the incident and determine the nature and scope of the attack. The forensic investigation confirmed that unauthorized individuals gained access to its network between March 8, 2023, and March 16, 2023, and on May 31, 2023, the investigation confirmed that files containing sensitive patient data had been copied by the attackers.

CHI’s electronic medical record system was not compromised; however, the files removed from its system were found to contain names, mailing addresses, email addresses, phone numbers, birth dates, driver’s license numbers, Social Security numbers, account information, health insurance information, diagnosis/condition information, lab results, medications, and other clinical, demographic, or financial information. Notification letters will be sent to the affected individuals in the coming weeks and credit monitoring, fraud consultation, and identity theft restoration services will be offered.

The breach was recently reported to the Maine Attorney General and the HHS’ Office for Civil Rights in July as affecting up to 170,450 individuals. While CHI did not disclose which group was behind the attack, the Karakurt group has claimed responsibility for the attack. Karakurt is a relatively new threat group that has no qualms about attacking healthcare organizations. On October 6, 2023, the Chattanooga Heart Institute provided a supplemental breach notice to the Maine Attorney General confirming that 411,383 individuals had been affected – more than twice the number previously reported.

58,000 Individuals Affected by Cyberattack on Synergy Healthcare Services

Synergy Healthcare Services (SHS) in Atlanta, GA, has recently reported a data breach to the Maine Attorney General that has affected up to 58,034 individuals, including patients of its healthcare clients: Consulate Health Care, Raydiant Health Care, Independence Living Centers, and their affiliated care centers. The breach has since been reported to the HHS’ Office for Civil Rights as involving the protected health information of 25,772 individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The administrative service provider said suspicious activity was detected within its network in early December 2022, and the forensic investigation confirmed on December 15, 2022, that an unauthorized third party accessed parts of its computer network where personal health information was stored. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

The files contained information such as names, birthdates, signatures, insurance details, contact information, government identification numbers including driver’s licenses and Social Security numbers, medical history/treatment information, and financial information. Complimentary credit monitoring services have been offered to the affected individuals and steps have been taken to harden security to prevent similar incidents in the future.

Cheyenne Radiology Group & MRI Reports December 2022 Ransomware Attack

Cheyenne Radiology Group & MRI, P.C. (CRG), in Wyoming, has recently issued notifications to its patients about a ransomware attack that was discovered and stopped on December 12, 2022. According to the notification letters, the attack disabled some of its computer systems, and while data theft was not confirmed, the possibility that information was removed from its systems could not be ruled out. Third-party forensics specialists investigated the incident and confirmed that the files potentially accessed included names, mailing addresses, birth dates, Social Security numbers, driver’s license numbers, and health insurance information. CRG said it wiped and rebuilt all affected systems and has hardened security to prevent similar breaches in the future. The incident was recently reported to the Maine Attorney General as affecting up to 10,420 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist