Erlanger anesthesia patient data sent to unauthorized billing vendor

Chattanooga, Tenn.-based Erlanger Health System is notifying patients of Erlanger Western Carolina Hospital in Murphy, N.C., that their protected health information was sent to an unauthorized billing partner.

Erlanger discovered the issue on May 13, according to a breach notification posted to the health system’s website.

An investigation found that data belonging to Erlanger Western Carolina patients who received anesthesia care was included in information sent to the billing partner used by the anesthesia group that serves Erlanger’s Tennessee campuses. Erlanger Western Carolina uses a separate anesthesia group, meaning the data was routed to the wrong vendor. The information was transmitted between July 1, 2025, and May 27, 2026.

Data potentially exposed includes patient names, birth dates, medical record numbers, mailing addresses, email addresses, phone numbers, internal hospital account numbers, insurance information, guarantor names and contact details, dates of service, and limited medical information tied to surgical care, including operative notes. Social Security numbers were not included. Erlanger said not every affected individual had the same combination of data elements exposed.

Erlanger said it has no evidence of any improper use of the information and has reported the incident to regulators.

This is the second data incident involving Erlanger Western Carolina Hospital in roughly two years, following a 2024 breach at a debt collection vendor that exposed information on more than 3,100 patients.

Leave a Reply

Your email address will not be published. Required fields are marked *