Children’s Hospital of Philadelphia victimized twice by phishing attacks

Children’s Hospital of Philadelphia has reported two data breaches that occurred in August and September of 2018.

The hospital on August 24 discovered that hacker had accessed a physician’s email account on August 23 via a phishing attack. A second breach found on September 6 revealed unauthorized access to an additional email account on August 29.

The organization began an investigation with a forensics firm and found that compromised data could have included patient names, dates of birth and clinical information in the neonatal and/or fetal care units, affecting the children and parents. Financial and credit information as well as Social Security numbers were not affected.

Also See: Email phishing attack compromises data of respiratory care provider

“While CHOP is not aware of any actual or attempted misuse of patient information related to these incidents, on October 23, 2018, letters were mailed to patient families whose information was contained in these email accounts,” the hospital informed patients and families. “Potentially affected patients are advised to carefully review the statements they receive from their healthcare providers. If they see services that were not received, they should contact their healthcare provider immediately.”

Children's Hospital in Philly.jpg

The hospital established a call center for affected individuals and expressed regret for any concern or inconvenience the incidents may have caused.

In a statement to Health Data Management, the hospital said a limited number of mothers and babies were affected but the hospital is not able to confirm a specific number.

In the aftermath of the breaches, Children’s Hospital of Philadelphia is significantly enhancing the levels of security for the email system.

For reprint and licensing requests for this article, click here.