PHI Compromised in Breaches Impacting Children’s Hospital of The King’s Daughters and Yale New Haven Health Services Corporation

by

The email accounts of a few workers of Children’s Hospital of The King’s Daughters (CHKD) located in Norfolk, VA were compromised in a phishing attack.

CHKD mentioned in its August 10, 2021 breach notification that the attack happened on April 20, 2021. After discovering the breach, the hospital promptly secured the email environment and engaged third-party forensics professionals to inspect the breach and find out its nature and scope.

On June 11, 2021, CHKD identified the entire extent of the breach and confirmed unauthorized access. It performed an extensive assessment of all email messages and attachments to figure out the types of protected health information (PHI) that were likely exposed. On July 12, 2021, CHKD obtained the information of all persons impacted.

The types of PHI included in the email accounts are: complete name, birth date, medical insurance number, patient account number and/or other health-connected data, and, for some people, their Social Security number. As per CHKD, the types of information breached differed from person to person and there is no proof found that indicates the misuse of any personal data.

CHKD stated the breach affected a number of its patients and their guarantors, some patients of Sentara Norfolk General Hospital for whom CHKD supplied lab testing and analytical services, and also a number of student-athletes for whom CHKD gives athletic training assistance. CHKD is currently sending notification letters to all persons likely impacted by the breach.

Persons who had their Social Security number exposed are given free credit monitoring and identity theft protection services. CHKD mentioned more security procedures are being enforced to avoid additional phishing attacks.

Elekta Ransomware Attack Impacts Yale New Haven Health Services Corporation

Yale New Haven Health Services Corporation (YNHHS) has reported the potential compromise of the PHI of 14,603 cancer patients in the ransomware attack on Elekta, its software provider. No less than 40 healthcare companies were impacted by the ransomware attack, which compromised Elekta’s systems from April 2 to April 20, 2021.

(YNHHS) stated it was informed regarding the attack on May 26, 2021 and performed an internal investigation into the breach to find out which patients were impacted. The assessment showed that these types of data were likely breached: Names, telephone numbers, addresses, email addresses, Social Security numbers, locations of treatment, and preferred languages. A few people likewise had some financial data compromised.

People who had their financial data potentially affected will be given free credit monitoring services.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone