PHI Exposed in Phishing Attack on Children’s Hospital of The King’s Daughters

HIPAA Journal

Steve Alder

The email accounts of a small number of employees of Children’s Hospital of The King’s Daughters (CHKD) in Norfolk, VA have been compromised in a phishing attack.

CHKD explained in an August 10, 2021 breach notification that the phishing attack occurred on April 20, 2021. Upon discovery of the breach, the email environment was immediately secured and third-party forensics experts were engaged to investigate to determine the nature and scope of the breach.

On June 11, 2021, the full scope of the breach and unauthorized access was determined and a comprehensive review of all emails and attachments was conducted to determine the types of protected health information that had potentially been compromised. On July 12, 2021, CHKD was provided with details of all individuals affected.

The email accounts contained the following types of protected health information: Full name, date of birth, patient account number, health insurance number, and/or other...

Get the Morning Update

Thanks for subscribing!