Patients and former patients of the Chattanooga Heart Institute, also known as Memorial Heart Institute, face a hard July 13 deadline to file claims for up to $5,500 in documented losses tied to a 2023 data breach that exposed personal health information belonging to more than 411,000 people. The breach, which occurred on March 8, 2023, went undetected for nearly three months before the institute discovered it on May 31, 2023. A $3.75 million settlement now gives affected individuals a narrow window to seek reimbursement, but the clock is running out.
Why the $5,500 claim window is closing fast
The breach exposed protected health information, or PHI, for 411,383 individuals across multiple states. The institute first notified affected individuals on July 28, 2023, then issued a second round of notifications on October 6, 2023, according to the Maine registry. That filing also confirmed 47 Maine residents were among those affected, though the vast majority of victims are located in Tennessee and surrounding states served by the Chattanooga-based cardiology practice.
The gap between the breach date and its discovery, nearly 85 days, left personal data exposed for an extended period. During that time, sensitive medical records and identifying information sat vulnerable to misuse. For patients, the practical risk translates into potential identity theft, fraudulent medical billing, and unauthorized use of insurance credentials. The $5,500 per-person cap on documented out-of-pocket losses is the maximum an individual can recover under the class settlement for expenses like credit monitoring, bank fees from fraud, and time spent addressing the fallout.
While the settlement does not guarantee that every claimant will receive the full $5,500, it creates a structured way to seek compensation. Payments will depend on the number of valid claims filed, the amount of documented losses each person can show, and the overall size of the settlement fund after administrative and legal costs. People who do not submit claims by the July 13 deadline will generally lose the chance to be reimbursed for breach-related expenses through this settlement, even if they were notified that their information was compromised.
How the $3.75 million settlement and federal breach record connect
Memorial Heart Institute agreed to resolve the resulting class action lawsuit for $3.75 million, as reported by Bloomberg Law. That settlement fund is the source of the individual claims now available to breach victims. The per-person maximum of $5,500 applies to claimants who can document specific financial harm directly caused by the breach, such as unreimbursed charges, professional fees for identity restoration, or costs tied to freezing and monitoring credit.
The incident also appears in the federal regulatory record. The HHS breach portal tracks all reported breaches of unsecured protected health information affecting 500 or more individuals, and healthcare entities are required by law to notify the Secretary of HHS when such incidents occur. The Chattanooga Heart Institute’s breach, affecting well over 400,000 people, placed it among the larger healthcare data incidents reported in 2023 and underscores the scale of exposure facing the cardiology group’s patients.
For anyone who received a notification letter in mid-2023 or early fall of that year, the settlement claim form and July 13 deadline are the direct next steps. Individuals who believe they were affected but did not receive a letter should check whether their records were held by the Chattanooga Heart Institute or its affiliated Memorial Heart Institute practice during or before March 2023, and then review the settlement website or contact the claims administrator for guidance on eligibility.
Open questions about the breach scope and what to do first
Despite the settlement, some details about the breach remain unclear to patients. Public filings confirm the dates of unauthorized access and the number of individuals affected, but many people still do not know precisely which pieces of their information were exposed or whether any misuse has already occurred. For some, the notification letters described categories of data such as names, contact details, dates of birth, and medical information, but did not always specify whether Social Security numbers, financial account data, or insurance identifiers were involved in their particular case.
Those uncertainties make it especially important for patients to act methodically. The first step is to locate any notification letter or email received from Chattanooga Heart Institute or Memorial Heart Institute in 2023 and read it closely, paying attention to the description of what may have been accessed. Next, patients should gather documentation of any suspicious activity since March 2023, including unexplained medical bills, new credit inquiries, or insurance claims they do not recognize.
When completing a claim, individuals should organize receipts, bank or credit card statements, invoices from credit monitoring or identity theft protection services, and records of professional help they may have hired to respond to the breach. Many settlements also allow compensation for time spent dealing with the incident, so keeping a simple log of phone calls, letters, and account reviews can strengthen a claim, subject to the limits in the settlement agreement.
Even for those who have not yet seen signs of fraud, the breach is a reminder to remain vigilant. Patients are encouraged to review credit reports, monitor explanation-of-benefits statements from insurers, and promptly dispute any unfamiliar charges or accounts. Filing a claim before the July 13 deadline does not prevent someone from taking additional steps later, such as placing fraud alerts or security freezes with major credit bureaus, if new issues emerge.
With the settlement fund now in place and the deadline approaching, current and former patients of the Chattanooga Heart Institute have a limited opportunity to seek reimbursement for the tangible costs of a breach that unfolded largely out of public view. The decision to file a claim may not erase the anxiety of having health information exposed, but it can help offset the financial burden of protecting against long-term risks tied to the 2023 incident.