Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person.
The breach was discovered at the beginning of July and an in depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access to data theft.
Some of the data breached included names, birth dates, medical record numbers, patient account details, diagnostic data, healthcare provider information, prescription information, and treatment information. A small number of affected individuals also had their address, social security number, and/or Medicare/Medicaid ID numbers exposed.
In response to the breach, Starling Physicians is bolstering its cybersecurity defenses to stop similar data breaches going forward.
Meanwhile in Wisconsin, Advocate Aurora Health has identified a data breach where paper and other hard copy files were exposed at its Aurora Medical Center. This happened when the facility was being prepared to be sold. A review of the exposed paperwork showed it included the personal and protected health information of 2,979 patients. The facility had not been in use as a hospital since August 2018, but there were restricted public uses of the building during which the paperwork could have been accessed. The files in question have now been secured and impacted individuals have been made aware of the potential breach and have been offered a 12-month free membership to Experian’s IdentityWorksSM service.
Integris is contacting patients to inform them that some of their protected health information was held stored on a portable hard drive that went missing. This occurred during an on-campus office move. The hard drive was noticed missing on October 17, 2029. A thorough search was conducted but the hard drive could not be found.
A backup copy of the data on the hard drive was identified and found to include the details of certain patients who had previously received medical services at INTEGRIS Baptist Medical Center Portland Avenue in Oklahoma City, formerly called Deaconess Hospital. Impacted patients have been offered a free one-year membership of Experian’s IdentityWorksSM Credit 3B service.
Finally, Lee Moffitt Cancer Center and Research Institute in Tampa is getting in touch with 4,056 patients to make them aware that two unencrypted storage devices and paperwork containing protected health information have been stolen. The USB devices and paperwork were being transported in a briefcase which was taken from the car of a physician on July 2, 2020. A review of the devices and paperwork showed they included some protected health information such as patient names, dates of birth, medical record numbers and/or information about the services administered at Moffitt.
Staff have been re-trained on securing patient data, the use of USB devices is being reconsidered, and auto-encryption processes are being fine-tuned to ensure all patient information is protected. Moffitt Cancer Center is unaware of any attempted improper use of patient data.