We value the privacy and confidentiality of our patients. Regrettably, this notice is regarding two recent incidents that involved some of our patients’ health information.
The first incident, identified on August 24, 2018, occurred when an unauthorized user gained access to a CHOP physician’s email account on August 23, 2018. A second incident, uncovered on September 6, 2018, identified unauthorized access to an additional email account on August 29, 2018.
Once the unauthorized access was identified, CHOP immediately began an investigation with support from a leading forensic firm. The investigation determined that the email accounts contained some patient health information, which may have included patient name, date of birth, and clinical information related to neonatal and/or fetal care provided at CHOP or, in some instances, the Hospital of the University of Pennsylvania (HUP). These incidents affected a limited number of mothers and babies and did not include the Social Security numbers or financial and credit information of any patients or their parents.
While we are not aware of any actual or attempted misuse of patient information related to these incidents, on October 23, 2018, we mailed letters to patient families who had health information contained in these email accounts. We recommend potentially affected patients review the statements they receive from their healthcare providers. If they see services that were not received, they should contact the healthcare provider immediately. If you believe you or your child may have been affected by these incidents and do not receive a letter by November 15, 2018, then please call 1-800-643-9180 from 9 a.m. to 6 p.m. EST, Monday through Friday.
We deeply regret any concern or inconvenience these incidents may cause our patients and their families. To help prevent something like this from happening in the future, we are taking significant measures to provide enhanced levels of security for our email system.
Read the full press release.