Starling Physicians Email Breach Impacts 7,777 Patients

Rocky Hill, CT-based Starling Physicians has started notifying 7,777 patients that some of their protected health information was stored in email accounts that were found to have been accessed by an unauthorized individual.

A breach of its email environment was detected on or around July 7, 2020. A comprehensive review was conducted to determine the extent of the breach and whether any patient data had been accessed. While evidence of PHI access was not found, it was not possible to rule out unauthorized data access.

Emails and email attachments were found to include names along with some of the following data elements: Dates of birth, medical record numbers, patient account numbers, diagnostic information, healthcare provider information, prescription information, and treatment information. A small number of affected individuals also had their address, social security number, and/or Medicare/Medicaid ID number exposed.

Starling Physicians is strengthening its cybersecurity defenses to prevent similar data security events in the future.

Advocate Aurora Health Notifies 2,979 Patients About PHI Exposure

Advocate Aurora Health has discovered paper and other hard copy files were exposed at Aurora Medical Center – Bay Area in Wisconsin during preparations to sell the facility and may have been accessed by unauthorized individuals.

A review of the files revealed they contained the personal and protected health information of 2,979 patients. The facility had not been used as a hospital since August 2018, but there were limited public uses of the building after that date, during which information may have been viewed.

The exposed files contained patients’ first and/or last names, date of birth; phone number; address; emergency contact information, Social Security number, medical record number, gender, height and weight, dates of service, exam or lab results, diagnoses, medications, employer information, and/or health insurance information.

The files have now been secured and affected individuals have been notified and offered a 12-month complimentary membership to Experian’s IdentityWorksSM service.

Moffitt Cancer Center Patients Notified about Theft of Unencrypted Storage Devices

  1. Lee Moffitt Cancer Center and Research Institute in Tampa is notifying 4,056 patients that two unencrypted storage devices and paperwork containing protected health information have been stolen.

The USB devices and paperwork were in a briefcase which was stolen from the vehicle of a physician on July 2, 2020. A review of the devices and paperwork confirmed they contained limited protected health information such as patient names, dates of birth, medical record numbers and/or information about the services received at Moffitt.

Staff have been re-educated on securing patient data, the use of USB devices is being reviewed, and auto-encryption processes are being refined to ensure all patient information is secured. Moffitt Cancer Center is unaware of any attempted misuse of patient data.

Lost Hard Drive Contained the PHI of INTEGRIS Baptist Medical Center Patients

INTEGRIS is notifying certain patients that some of their protected health information was stored on a portable hard drive that was lost during an on-campus office move. The hard drive was discovered to be missing on October 17, 2029. A thorough search was conducted but the hard drive could not be located.

A backup copy of the data on the hard drive was located and analyzed and was found to contain the information of certain patients who had previously received medical services at INTEGRIS Baptist Medical Center Portland Avenue in Oklahoma City, formerly known as Deaconess Hospital. The data on the drive was limited to patients’ names, Social Security numbers, and limited clinical information.

Affected individuals have been offered a complimentary one-year membership of Experian’s IdentityWorksSM Credit 3B service.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.