PHI Exposed in Breaches Affecting Children’s Hospital of The King’s Daughters and Catholic Health

The email accounts of some employees of Children’s Hospital of The King’s Daughters (CHKD) based in Norfolk, VA were compromised in a phishing attack.

CHKD stated in its August 10, 2021 breach notification that the phishing attack occurred on April 20, 2021. Upon being aware of the breach, the hospital immediately secured the email system and called in third-party forensics specialists to look into the breach and know its nature and scope.

On June 11, 2021, CHKD determined the complete extent of the breach and confirmed unauthorized access. It did a detailed review of all emails and file attachments to find out the types of protected health information (PHI) that were potentially breached. On July 12, 2021, CHKD received the details of all people affected.

The types of PHI contained in the email accounts are the following: Full name, date of birth, health insurance number, patient account number and/or other health associated details and, for a few persons, their Social Security number. According to CHKD, the types of data breached varied from one individual to another and there is no evidence found that suggest the misuse of any personal information.

CHKD mentioned the breach impacted a few of its patients and their guarantors, selected patients of Sentara Norfolk General Hospital for whom CHKD offered laboratory testing and diagnostic services, along with a few student-athletes for whom CHKD offers athletic training services. CHKD is now sending notification letters to all people possibly affected by the breach.

People who had their Social Security number compromised are provided complimentary credit monitoring and identity theft protection services. CHKD stated further security measures are being put in place to prevent other phishing attacks.

Catholic Health Reports the Impact of the CaptureRx Data Breach

Catholic Health based in Buffalo, NY has reported that it was impacted by the cyberattack on CaptureRx, a third-party pharmaceutical software program company.

Catholic Health stated it was informed by CaptureRx on June 3, 2021 that the PHI of its Mount St. Mary’s and Sisters of Charity hospitals’ patients were compromised in the incident. CaptureRx mentioned that its investigation affirmed that the cyberattack began on February 6, 2021, and it found out on March 19 that the PHI of its clients had been affected by the attack.

Catholic Health stated that these types of data were possibly exposed: Name, birth date, and prescription information. CaptureRx is going to be sending notification letters to impacted people.

Catholic Health has submitted the breach report to the HHS’ Office for Civil Rights and indicated that 17,002 patients were affected.

About Christine Garcia 1303 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at