PHI Exposed in Phishing Attack on Children’s Hospital of The King’s Daughters

The email accounts of a small number of employees of Children’s Hospital of The King’s Daughters (CHKD) in Norfolk, VA have been compromised in a phishing attack.

CHKD explained in an August 10, 2021 breach notification that the phishing attack occurred on April 20, 2021. Upon discovery of the breach, the email environment was immediately secured and third-party forensics experts were engaged to investigate to determine the nature and scope of the breach.

On June 11, 2021, the full scope of the breach and unauthorized access was determined and a comprehensive review of all emails and attachments was conducted to determine the types of protected health information that had potentially been compromised. On July 12, 2021, CHKD was provided with details of all individuals affected.

The email accounts contained the following types of protected health information: Full name, date of birth, patient account number, health insurance number, and/or other health related information and, for a limited number of individuals, their Social Security number. CHKD said the types of data exposed varied from individual to individual and no evidence has been found to suggest any personal information has been, or will be, misused.

CHKD said the breach affected some of its patients and their guarantors, certain patients of Sentara Norfolk General Hospital for whom CHKD provided laboratory testing and diagnostic services, as well as some student athletes for whom CHKD provides athletic training services. Notification letters are now being sent to all individuals potentially affected by the breach.

Individuals whose Social Security number was compromised are being offered complimentary credit monitoring and identity theft protection services. CHKD said additional security measures are being implemented to prevent further phishing attacks.

Catholic Health Confirms It was Affected by CaptureRx Data Breach

Buffalo, NY-based Catholic Health has confirmed it has been affected by a cyberattack on the third-party pharmaceutical software provider CaptureRx.

Catholic Health said it was notified on June 3, 2021 by CaptureRx that the protected health information of patients of its Mount St. Mary’s and Sisters of Charity hospitals had been exposed in the breach. CaptureRx said its investigation confirmed that the cyberattack started on February 6, 2021, and it learned on March 19 that the protected health information of its customers had been compromised in the attack.

Catholic Health said the following types of information were potentially compromised: Name, date of birth, and prescription data. CaptureRx will be sending notification letters to affected individuals.

Catholic Health has reported the breach to the HHS’ Office for Civil Rights as affecting 17,002 patients.

Yale New Haven Health Services Corporation Impacted by Elekta Ransomware Attack

Yale New Haven Health Services Corporation (YNHHS) has announced the protected health information of 14,603 cancer patients was potentially compromised in a ransomware attack on its software vendor Elekta. At least 40 healthcare providers were affected by the attack, which saw Elekta’s systems compromised between April 2 and April 20, 2021.

(YNHHS) said it was notified about the attack on May 26, 2021 and conducted an internal investigation into the breach to determine which patients had been affected. The review revealed the following types of information had potentially been compromised: Names, addresses, phone numbers, emails, Social Security numbers, treatment locations, and preferred languages. A small number of individuals also had some financial information exposed.

Individuals whose financial information was potentially compromised will be offered complimentary credit monitoring services.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.