HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Lubbock Heart & Surgical Hospital and NorthStar Healthcare Consulting Disclose Cyberattacks

Lubbock Heart & Surgical Hospital in Texas has recently announced it was the victim of a hacking incident that resulted in disruption to the operations of some of its IT systems. The cyberattack was detected by the hospital on July 12, 2022, and immediate action was taken to contain the incident and prevent further unauthorized access, and forensics experts were engaged to determine the nature and scope of the attack. The investigation confirmed its systems were accessed by the attackers between July 11 and July 12, but it was not possible to determine if any files containing patient information had been accessed or copied from its systems.

The files potentially accessed included patient information such as names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and health insurance information.

Lubbock Heart & Surgical Hospital said security safeguards and technical measures have been enhanced to prevent further security incidents. Notification letters were sent to the 23,379 affected individuals on September 9, 2022. Complimentary credit monitoring and identity theft protection services have been offered to individuals who had their Social Security numbers exposed.

NorthStar Healthcare Consulting Data Breach Affects 18,354 Patients

Alpharetta, GA-based NorthStar Healthcare Consulting, a business associate supporting Optum Rx, which provides pharmacy benefit management services to the Georgia Department of Community Health, Medical Assistance Plans Division, has reported a breach of an employee email account and the exposure of sensitive patient information.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

According to the breach notice submitted to the Vermont Attorney General, suspicious activity was detected in the email account on April 20, 2022. Third-party forensic investigators were engaged to investigate the incident which confirmed the email account had been accessed by an unauthorized individual, but it was not possible to confirm which, if any, emails containing protected health information had been accessed, or if emails had been copied. The investigation concluded on July 15, 2022, and work began on obtaining up-to-date contact information to issue notifications.

NorthStar Healthcare Consulting said the emails contained names, addresses, birth dates, Medicaid numbers, medication names, prescriber names, and appeal numbers, and for a limited number of patients, brief notes on diagnosis and related symptoms. NorthStar Healthcare Consulting said steps have been taken to improve email security and complimentary credit monitoring and identity theft protection services have been offered to affected individuals.

The incident has been reported to the HHS’ Office for Civil Rights as affecting 18,354 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.