The email accounts of a few workers of Children’s Hospital of The King’s Daughters (CHKD) located in Norfolk, VA were compromised in a phishing attack.
CHKD mentioned in its August 10, 2021 breach notification that the attack happened on April 20, 2021. After discovering the breach, the hospital promptly secured the email environment and engaged third-party forensics professionals to inspect the breach and find out its nature and scope.
On June 11, 2021, CHKD identified the entire extent of the breach and confirmed unauthorized access. It performed an extensive assessment of all email messages and attachments to figure out the types of protected health information (PHI) that were likely exposed. On July 12, 2021, CHKD obtained the information of all persons impacted.
The types of PHI included in the email accounts are: complete name, birth date, medical insurance number, patient account number and/or other health-connected data, and, for some people, their Social Security number. As per CHKD, the types of information breached differed from person to person and there is no proof found that indicates the misuse of any personal data.
CHKD stated the breach affected a number of its patients and their guarantors, some patients of Sentara Norfolk General Hospital for whom CHKD supplied lab testing and analytical services, and also a number of student-athletes for whom CHKD gives athletic training assistance. CHKD is currently sending notification letters to all persons likely impacted by the breach.
Persons who had their Social Security number exposed are given free credit monitoring and identity theft protection services. CHKD mentioned more security procedures are being enforced to avoid additional phishing attacks.
Elekta Ransomware Attack Impacts Yale New Haven Health Services Corporation
Yale New Haven Health Services Corporation (YNHHS) has reported the potential compromise of the PHI of 14,603 cancer patients in the ransomware attack on Elekta, its software provider. No less than 40 healthcare companies were impacted by the ransomware attack, which compromised Elekta’s systems from April 2 to April 20, 2021.
(YNHHS) stated it was informed regarding the attack on May 26, 2021 and performed an internal investigation into the breach to find out which patients were impacted. The assessment showed that these types of data were likely breached: Names, telephone numbers, addresses, email addresses, Social Security numbers, locations of treatment, and preferred languages. A few people likewise had some financial data compromised.
People who had their financial data potentially affected will be given free credit monitoring services.