Patient PHI Compromised Due to Email Breach and Lost/Stolen Storage Devices

7,777 Patients of Starling Physicians Impacted by Email Breach

Starling Physicians based in Rocky Hill, CT started informing 7,777 patients regarding an unauthorized person who likely accessed some of their protected health information (PHI) stored in email accounts.

Starling Physicians detected a breach of its email system on or some time on July 7, 2020. A detailed review was done to ascertain the scope of the breach and whether or not patient data was accessed. Though there is no proof found that PHI was accessed, unauthorized information access cannot be excluded.

A review of the emails and attachments revealed that they stored names as well as a few of these data elements: medical record numbers, patient account numbers, birth dates, diagnostic data, healthcare provider data, prescription data, and treatment details. The address, Medicare/Medicaid ID number and/or Social Security number of a few affected persons were also exposed.

Starling Physicians is improving its cybersecurity solutions to avert the same data security occurrences.

Unencrypted Storage Devices Stolen from Moffitt Cancer Center

Lee Moffitt Cancer Center and Research Institute located in Tampa is informing 4,056 patients regarding the two stolen unencrypted storage devices and paper documents with PHI.

A briefcase containing the USB devices and files was stolen from a physician’s vehicle on July 2, 2020. An analysis of the USB devices and papers established that they included the following some protected health information: patient names, dates of birth, information about the services obtained at Moffitt, and medical record numbers.

The workforce underwent additional training on patient data security. The policies on using USB devices are under review. Moffitt also improved its auto-encryption procedures to make sure that all patient information is protected. Moffitt Cancer Center does not know about any attempt of patient information misuse.

Lost Hard Drive Held the PHI of INTEGRIS Baptist Medical Center Patients

INTEGRIS is informing some patients that a portable hard drive along with a few of their protected health information was lost at the time of an on-campus office move. It was just on October 17, 2020
that INTEGRIS noticed that the hard drive was missing. A detailed search was performed nonetheless the hard drive cannot be found.

A duplicate copy of the hard drive’s data was located and reviewed. It was confirmed to consist of information of a number of patients who obtained medical services at INTEGRIS Baptist Medical Center Portland Avenue in Oklahoma City, earlier named as Deaconess Hospital. The patient data on the drive only included patients’ names, limited clinical information and Social Security numbers.

INTEGRIS provided the affected individuals with complimentary membership of Experian’s IdentityWorksSM Credit 3B service for 12 months.