A physician-owned multispecialty group practice in Connecticut has warned patients about a data breach following a Feb. 8 cyberphishing attack.
Starling Physicians, based in Rocky Hill, said it became aware of a data security incident that resulted in the potential access to some of its patients’ personal and medical information, including some Social Security numbers.
The practice mailed notification letters to patients affected by the breach, including steps they can take to protect themselves against potential fraud or identify theft, Starling said in a statement on its website. The practice did not say how many patients were affected.
The cyberphishing attack resulted in an unauthorized third party potentially having access to the contents to some of its employees’ email accounts, the practice said. Upon learning of the attack, the practice secured its email accounts to prevent further access and retained a forensic security firm to investigate, conduct a comprehensive search for any personal information in the impacted accounts and confirm the security of the email and computer systems.
On Sept. 12, the investigation determined that the email accounts contained certain patients’ names, addresses, dates of birth, passport numbers, Social Security numbers, medical information and health insurance or billing information, the practice said. Starling offered free credit monitoring and identity theft protection services to patients whose Social Security numbers may have been impacted.
“Starling takes the security of its patients’ information very seriously and sincerely apologizes for any inconvenience this incident may cause any of its patients,” the practice said in its statement.
Patients were told to review credit card, bank and other financial statements, as well as claims made using their insurance, for any unauthorized activity.
A report issued earlier this year by Protenus and DataBreaches.net said breaches of patient privacy appear to be on the rise in the first half of 2019 with an alarming number of records affected by security incidents: 31.6 million.