On November 20, 2018, Chaplaincy Health Care became aware of an email account breached by an unknown individual. On the day of the breach, Chaplaincy Health Care was able to take immediate action and changed the user account password, limiting the breach to approximately four hours. Chaplaincy Health Care is notifying the individuals potentially impacted by this event so that they can take action to monitor and protect their information, along with the organization’s efforts and resources being provided.
Chaplaincy Health Care hired a computer forensics firm to help with the investigation. The breach was isolated to one email account. No medical records systems or donor records were impacted by the breach. While it is not possible to identify which, if any, emails were seen, it was found that they may have included the patients’ name, date of birth, medical record number, masked social security numbers (xxx-xx-1234), prescriptions, dates of service and home address. Complete social security numbers, financial records, and credit card information were not included in the emails.
Chaplaincy Health Care takes the security of all information very seriously and is taking steps to prevent a similar event from occurring in the future. This includes providing additional employee training and testing emphasizing the need to safeguard sensitive information and enabling two-factor authentication protocols.
“Chaplaincy Health Care sincerely apologizes for the inconvenience and the concern this incident has caused” stated Gary Castillo, Executive Director. “Information security is very important to us and we will continue to do everything we can to fortify our operational protections for our patients and their families.”
Chaplaincy Health Care mailed letters on January 3, 2019 to the individuals potentially impacted by this event. This letter includes information about the incident, and steps that potentially impacted individuals can take to monitor and protect their information. Identity protection and credit monitoring at no cost is being offered through LifeLock to individuals potentially impacted. A toll-free number (855) 659-8793 and email address (privacy@chaplaincyhealthcare.org) have been established to answer questions. For a list of frequently asked questions, please click here.