The Chattanooga Heart Institute Saturday revised the estimated number of victims from 413,236 to 547,434 following a March 2023 cyber attack. The stolen records contain sensitive patient data including Social Security numbers, financial account numbers, diagnoses, health insurance info, and more, putting victims at risk of identity theft and health benefits fraud.
CHI says unauthorized parties accessed its network between March 8, 2023 and March 16, 2023, and again on May 31, 2023. CHI discovered the attack on April 17, 2023, citing an “external system breach.” The Karakurt group claimed responsibility for the attack.
This is not the first time CHI has upped the victim count from this attack. Originally, it reported the breach affected 170,450 individuals. In August 2023, it issued a supplemental notice increasing that number to 411,383 people. In total, additional breach notifications have been sent out on three occasions since the original notice was sent on July 28, 2023.
Comparitech contacted CHI’s lawyer for comment and will update this article if we get a response.
The compromised data contained the following information:
- Names
- Social Security numbers
- Financial account number or credit/debit card number (in combination with security code, access code, password or PIN for the account)
- Health insurance information
- Diagnosis and condition information
- Lab results
- Medications
- Mailing addresses
- Email addresses
- Phone numbers
- Birth dates
- Driver’s license numbers
- Clinical info
- Demographic info
We advise victims to take advantage of the 12 months of free credit monitoring being offered by CHI through Epiq. Keep an eye on your account statements, credit report, and medical bills for suspicious activity. If your debit or credit card number was compromised, then get it replaced.
Who is Karakurt?
The Karakurt group, also known as Karakurt Team or Karakurt Lair, specializes in stealing data. It notably does not deploy ransomware that encrypts files. Instead, it steals data and threatens to sell it or release it to the public if the victim doesn’t pay. Ransom demands range from $25,000 to $13 million, according to CISA.
Karakurt breaks into systems by purchasing stolen login credentials or by exploiting known software vulnerabilities.
In April 2022, Bleeping Computer reported it found evidence demonstrating that Karakurt is part of the same operation as the Conti ransomware group.
About the Chattanooga Heart Institute
The Chattanooga Heart Institute is a group of clinics specializing in cardiology. It operates clinics in Chattanooga, Cleveland, Hixson, and Jasper in Tennessee, and in Ringgold, Georgia.
The attack on the Chattanooga Heart Institute was the eighth biggest attack on a US healthcare organization by a ransomware group in 2023. We recorded 121 ransomware attacks on US healthcare organizations in 2023, affecting nearly 17.5 million records in total. That’s up from 83 attacks affecting 14 million records in 2022.
The biggest attacks on US healthcare in 2023 were:
- Norton Healthcare – 2,500,000 records, no ransom paid, hit by ALPHV/BlackCat
- Integris Health – 2,385,646 records, no ransom paid. After refusal, hackers contacted victims directly and demanded $50 each for their data
- McLaren Health Care – 2,192,515 records, hit by ALPHV/BlackCat
- Tampa General Hospital – 1,200,000 records, no ransom paid
- Transformative Healthcare – 911,757 records, hit by ALPHV/BlackCat. This affected Fallon Ambulance Services, a subsidiary of Transformative Healthcare that has ceased operations.
- Fred Hutchinson Cancer Center – 890,959 records. Hackers contacted patients and demanded $50 in ransom to delete their data here too. Hunters International claimed responsibility.
- Murfreesboro Medical Clinic – 559,000 records. Shut down for 2 weeks with disruptions ongoing 3 weeks later. No ransom paid. BianLian behind the attack.