
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

The Chattanooga Heart Institute Doubles 2023 Cyberattack Victim Count

The Chattanooga Heart Institute in Tennessee has confirmed that the protected health information of 411,383 individuals was compromised in a cyberattack that was discovered on April 17, 2023. On July 28, 2023, the Chattanooga Heart Institute notified the HHS’ Office for Civil Rights and the Maine attorney general about the cyberattack, which was thought to have involved the protected health information of 170,450 individuals. A supplemental breach notification has now been sent to the Maine Attorney General, confirming the data breach was more extensive than the initial investigation suggested.

The investigation into the attack is ongoing, but it has now been confirmed that an unauthorized third party had access to its network between March 8 and March 16, 2023, and exfiltrated files containing patients’ protected health information. While its electronic medical record system remained secure, files were accessed and exfiltrated that contained information such as names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, diagnoses, lab results, conditions, medications, account information, and other clinical, demographic, and financial information.

The affected individuals have been offered complimentary credit monitoring services for 12 months, and steps have been taken to improve security to prevent further attacks. While the notification letters do not mention the group behind the attack, the Karakurt threat group claimed responsibility.

March 2024 Update: The total number of affected individuals has been revised, with 547,434 individuals now known to have been affected.


NoEscape Ransomware Group Leaks Data from Attack on Mulkay Cardiology Consultants

The NoEscape ransomware group has leaked data allegedly stolen from Mulkay Cardiology Consultants in New Jersey. According to the listing, more than 60 GB of confidential and personal data was stolen in the attack, which includes the protected health information of 30,000 patients. The leaked data includes names, dates of birth, addresses, phone numbers, health insurance policy numbers, medical cards, medical records, access cards, driver’s licenses, Covid certificates, diagnostic data, and other confidential information. The listing includes sample images and 2.43 GB of downloadable data.

NoEscape is a relatively new ransomware group that first appeared in May 2023. The Health Sector Cybersecurity Coordination Center recently issued a NoEscape Analyst Note about the group that includes details of its tactics, techniques, and procedures, and best practices for hardening security. Mulkay Cardiology Consultants informed the HHS’ Office for Civil Rights that the breach involved the protected health information of up to 79,582 patients.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
