Tennessee Heart Clinic Data Breach Impacted 170,000 Patients

The Chattanooga Heart Institute detected a cybersecurity breach on its IT network in April. Further research established that unauthorized outsiders had accessed the network and copied private patient information. As a result, 170,000 patients were impacted.

The Chattanooga Heart Institute discovered the hacking on April 17, protected its network, alerted federal criminal enforcement, and launched an emergency investigation with help from outside forensics. According to the final discovery, the third-party obtained protected data by accessing the network between March 8 and March 16, made public on May 31.

In a breach notice published on its website, the organization, which has three vascular surgeons and 27 cardiologists at four locations in Tennessee and one in Georgia, said a forensics investigation into the incident had revealed that an "unauthorized third party" had gained access to its network between March 8 and March 16 of the previous year.


Upon discovering the unauthorized third-party access, The Chattanooga Heart Institute took quick action to protect its systems, contain the incident, begin an investigation and maintain continuity of care.

- Clinic's Breach Notice

The attackers did not immediately access the practice's computerized medical record.

Information exposed in the attack included

  • Patient or Guarantor Names
  • Mailing Address
  • Email
  • Phone Number
  • Date of Birth
  • Driver's License Number
  • Social Security Number
  • Account Information
  • Health Insurance Information
  • Diagnosis and Condition Information
  • Lab Results
  • Medications
  • Other Clinical, Demographic, and Financial Information

In the following weeks, letters will be delivered to 170,000 patients whose data may have been compromised. These patients can also get free identity monitoring services from the Chattanooga Heart Institute.

According to the clinic, as each file is thoroughly reviewed, notification letters to anyone whose data may be affected will be delivered via U.S. mail.


Leave a reply

Your email will not be published. All fields are required.