Cyberattack on Chattanooga Heart Institute, Maxillofacial & Implant Surgery, and Battle Mountain General Hospital

Over 547,000 People Impacted by The Chattanooga Heart Institute Cyberattack on April 2023

The Chattanooga Heart Institute has found out that its April 2023 cyberattack affected the personal data of an additional 136,000 individuals. also reported data breaches. The investigation revealed that its system was breached from March 8, 2023 to March 16, 2023, and on May 31, 2023, The Chattanooga Heart Institute stated that files were extracted from its system. The Karakurt threat group professed to be responsible for the attack.

The preliminary analysis of the impacted files showed in July 2023 that no less than 170,450 people were impacted. The institute sent notifications to those people, however, as the investigation continued it became apparent that the breach had more reach. In October 2023, the number of victims increased twofold to 411,383 persons, with extra notification letters distributed on October 5, 2023. More notifications were sent by mail on February 13, 2024, March 12, 2024, and March 27, 2024. 547,434 people in total were impacted.

Many persons who were recently informed concerning the breach were workers and their dependents. The breached data contained names, email addresses, mailing addresses, telephone numbers, birth dates, Social Security numbers, driver’s license numbers, account data, medical insurance data, diagnosis/condition details, laboratory results, prescription drugs, and other clinical, demographic, or financial details. Credit monitoring services were provided to the impacted persons.

Patient Data of Northern Virginia Oral, Maxillofacial & Implant Surgery Exposed in Cyberattack

Northern Virginia Oral, Maxillofacial & Implant Surgery (NOVA OMS) has informed 5,568 persons (including 4,333 patients) regarding the breach of some of their PHI in a cyberattack discovered on October 5, 2023. Based on the third-party forensic investigation, the personal data and protected health information may have been viewed and exfiltrated without consent between October 3, 2023, and October 6, 2023. The evaluation of the affected files was finished at the end of February, and the impacted people already received the mailed notification letters.

The information affected varied from person to person and possibly included names, medical records, health insurance details, driver’s license numbers, and other sensitive information, the particulars of which are contained in the individual notifications. Complimentary identity protection services have been provided to the impacted persons. NOVA OMS stated extra safeguards were put in place to avoid the same cases in the future and to comply with HIPAA.

3,000 People Have PHI Compromised in Battle Mountain General Hospital Cyberattack

Battle Mountain General Hospital located in Nevada has announced that the personal information and PHI of workers and patients were compromised and possibly stolen. On January 25, 2024, an unauthorized individual took advantage of a vulnerability and remotely accessed a staff workstation. The forensic investigation affirmed that the compromised information contained names, birth dates, addresses, Social Security numbers, medical records, and treatment data of patients and staff members. Around 3,000 people had their data compromised.

Battle Mountain General Hospital CEO Jason Bleak apologized for what happened and the pressure this incident may have caused on those impacted. Although data was exposed, no proof was identified that indicates that any of the breached information was shared, posted, or misused; nevertheless, as a safety measure, the affected people were offered complimentary credit monitoring and identity theft protection services.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at