Over 547,000 People Impacted by The Chattanooga Heart Institute Cyberattack on April 2023
The Chattanooga Heart Institute has found out that its April 2023 cyberattack affected the personal data of an additional 136,000 individuals. also reported data breaches. The investigation revealed that its system was breached from March 8, 2023 to March 16, 2023, and on May 31, 2023, The Chattanooga Heart Institute stated that files were extracted from its system. The Karakurt threat group professed to be responsible for the attack.
The preliminary analysis of the impacted files showed in July 2023 that no less than 170,450 people were impacted. The institute sent notifications to those people, however, as the investigation continued it became apparent that the breach had more reach. In October 2023, the number of victims increased twofold to 411,383 persons, with extra notification letters distributed on October 5, 2023. More notifications were sent by mail on February 13, 2024, March 12, 2024, and March 27, 2024. 547,434 people in total were impacted.
Many persons who were recently informed concerning the breach were workers and their dependents. The breached data contained names, email addresses, mailing addresses, telephone numbers, birth dates, Social Security numbers, driver’s license numbers, account data, medical insurance data, diagnosis/condition details, laboratory results, prescription drugs, and other clinical, demographic, or financial details. Credit monitoring services were provided to the impacted persons.
Patient Data of Northern Virginia Oral, Maxillofacial & Implant Surgery Exposed in Cyberattack
Northern Virginia Oral, Maxillofacial & Implant Surgery (NOVA OMS) has informed 5,568 persons (including 4,333 patients) regarding the breach of some of their PHI in a cyberattack discovered on October 5, 2023. Based on the third-party forensic investigation, the personal data and protected health information may have been viewed and exfiltrated without consent between October 3, 2023, and October 6, 2023. The evaluation of the affected files was finished at the end of February, and the impacted people already received the mailed notification letters.
The information affected varied from person to person and possibly included names, medical records, health insurance details, driver’s license numbers, and other sensitive information, the particulars of which are contained in the individual notifications. Complimentary identity protection services have been provided to the impacted persons. NOVA OMS stated extra safeguards were put in place to avoid the same cases in the future and to comply with HIPAA.
3,000 People Have PHI Compromised in Battle Mountain General Hospital Cyberattack
Battle Mountain General Hospital located in Nevada has announced that the personal information and PHI of workers and patients were compromised and possibly stolen. On January 25, 2024, an unauthorized individual took advantage of a vulnerability and remotely accessed a staff workstation. The forensic investigation affirmed that the compromised information contained names, birth dates, addresses, Social Security numbers, medical records, and treatment data of patients and staff members. Around 3,000 people had their data compromised.
Battle Mountain General Hospital CEO Jason Bleak apologized for what happened and the pressure this incident may have caused on those impacted. Although data was exposed, no proof was identified that indicates that any of the breached information was shared, posted, or misused; nevertheless, as a safety measure, the affected people were offered complimentary credit monitoring and identity theft protection services.