The Chattanooga (Tenn.) Heart Institute identified a suspected cybersecurity attack on its IT network in April, and an investigation confirmed that an unauthorized third party accessed the network and obtained copies of confidential patient data.
On April 17, the Chattanooga Heart Institute recognized the hacking, secured its network, notified federal law enforcement and began an immediate investigation with external forensics assistance.
On May 31, the final discovery revealed that the third party acquired protected data by accessing the network between March 8 and March 16. However, the attackers did not directly access the practice's electronic medical record.
The information exposed in the attack included patient or guarantor names, mailing address, email, phone number, date of birth, driver's license number, Social Security number, account information, health insurance information, diagnosis and condition information, lab results, medications, and other clinical, demographic and financial information, according to a notice posted on the practice's website.
Letters notifying patients whose information may have been hacked will be sent in the upcoming weeks. Additionally, the Chattanooga Heart Institute is offering these patients free identity monitoring services.