Starr Insurance Discloses Ransomware Attack
The health insurance company Starr Insurance has disclosed a ransomware attack and data breach. Data breaches have also been reported by the medical imaging company Green Imaging and the AI-based care coordination provider Lena Health.
Starr Insurance
Starr Insurance, a Chambersburg, Pennsylvania-based insurance agency, has recently confirmed that hackers accessed parts of its computer network and potentially obtained a range of sensitive data. Suspicious network activity was identified on November 18, 2025. Assisted by third-party cybersecurity experts, Starr Insurance determined that an unauthorized actor accessed and copied files from its network on November 28, 2025.
The review of the affected data confirmed that the hacker obtained information such as names, addresses, Social Security numbers, driver’s license numbers, financial account information, payment card information, medical information, health insurance information, and online account access information. Regulators have been notified, and individual notification letters are being sent to the affected individuals. Starr Insurance has enhanced its policies and procedures relating to data protection and security.
At the time of issuing notifications, no attempted or actual misuse of patient data had been identified. Starr Insurance did not state if this was a ransomware attack; however, a ransomware group claimed responsibility for the breach. Akira, one of the most active ransomware groups, claimed to have stolen 15 gigabytes of data in the attack. Akira engages in double extortion, stealing data, encrypting files, and demanding a ransom be paid to obtain the decryption keys and prevent the publication of the stolen data. The stolen data was listed for download, indicating that the ransom was not paid. Based on the breach notice issued by Starr Insurance, complimentary credit monitoring and identity theft protection services do not appear to have been offered to the affected individuals. At the time of publication, the number of affected individuals has yet to be publicly disclosed.
Green Imaging
Green Imaging LLC, a full-service virtual medical imaging network with locations in all 50 U.S. states, has started notifying patients about a data security incident first identified on October 17, 2025. Suspicious activity was identified within its email environment, and the investigation confirmed unauthorized access to a single user’s email account between October 7, 2025, and October 17, 2025.
The review of the account has recently been completed, and the results have been validated. The types of information compromised in the incident vary from individual to individual and may include names in combination with one or more of the following: address, date of birth, Social Security number, driver’s license number, other government issued identification number, clinical/treatment information, diagnosis/condition, procedure type, physician information, medication, and other health and/or health insurance information.
Green Imaging has reviewed its policies and procedures related to data privacy and security and has taken steps to reduce the risk of similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
Bloom Circle, Inc. – Lena Health
Bloom Circle, Inc., doing business as Lena Health, a Houston, TX-based provider of an AI-based care coordination platform, has recently notified the HHS’ Office for Civil Rights about a data security incident involving the electronic protected health information of up to 3,651 patients. The exposed data was stored in a public cloud storage container (Amazon S3 bucket). A hacker exploited a vulnerability in December 2025, allowing data to be exfiltrated. A patch was available to address the vulnerability; however, it had not been applied quickly enough to prevent exploitation.
Data compromised in the incident included names, dates of birth, phone numbers, medical record numbers, health information, and recordings of phone calls between patients and providers, in which patients discussed their health issues. A threat actor – FulcrumSec – who engages in data theft and extortion, claimed responsibility for the hack. According to databreaches.net, most of the stolen data related to patients of Lena Health's client, Houston Methodist Hospital in Texas.


