Breaches Affect Patients at Starling Physicians, Advocate Aurora Health, Moffitt Cancer Center and INTEGRIS Baptist Medical Center

7,777 Starling Physicians Patients Affected by Email Breach

Starling Physicians in Rocky Hill, CT began sending notifications to 7,777 patients concerning an unauthorized individual who potentially got access to some of their protected health information (PHI) saved in email accounts.

Starling Physicians discovered a breach of its email environment on or about July 7, 2020. A thorough analysis was performed to figure out the magnitude of the breach and if there was access of any patient information. Although there is no evidence uncovered that PHI was viewed, unauthorized information access can’t be eliminated.

An analysis of the email messages and attachments showed that they contained names together with a number of these data elements: patient account numbers, medical record numbers, birth dates, diagnostic data, healthcare company data, prescription details, and treatment details. The address, Medicaid/Medicare ID number and/or Social Security number of some affected people were likewise compromised.

Starling Physicians is fortifying its cybersecurity measures to avoid identical data security incidents later on.

PHI of 2,979 Advocate Aurora Health Patients Exposed

Advocate Aurora Health found out that paper documents and some hard copy records were exposed at the Aurora Medical Center – Bay Area in Wisconsin when the facility is being prepared for sale and unauthorized persons may have accessed records.

An analysis of the files showed that they comprised the personal information and PHI of 2,979 patients. The center was not utilized as a hospital since August 2018. However, the building was used for limited public functions after that date, and the information may have been breached during those occasions.

The exposed records included patients’ first and/or last names, birth date; telephone number; address; emergency contact details, Social Security number, gender, weight and height, medical record number, dates of service, test or laboratory results, diagnoses, prescription drugs, employer details, and/or medical insurance details.

Advocate Aurora Health already secured the files and notified the affected persons. The affected individuals also received offers for free Experian’s IdentityWorksSM service for 12 months.

Unencrypted Storage Devices Theft at Moffitt Cancer Center

Lee Moffitt Cancer Center and Research Institute based in Tampa is sending notification to 4,056 patients about the theft of two unencrypted storage devices and paperwork that contain PHI.

A briefcase containing the USB devices and paper documents was taken from a doctor’s vehicle on July 2, 2020. An evaluation of the portable devices and documents affirmed that they contained the following limited PHI: patient names, dates of birth, details regarding the services acquired at Moffitt and medical record numbers .

The employees went through additional training on protecting patient data. The policies on the use of USB devices is under evaluation. Moffitt additionally enhanced its auto-encryption processes to make certain that all patient data is safe. Moffitt Cancer Center is not aware of any attempt of patient information misuse.

Missing Hard Drive Stored the PHI of INTEGRIS Baptist Medical Center Patients

INTEGRIS is notifying a number of patients that a portable hard drive containing some of their protected health information was lost during an on-campus office relocation. It was just on October 17, 2020
that INTEGRIS found out that the portable hard drive was gone. A comprehensive search was carried out nevertheless the hard drive couldn’t be found.

A backup copy of the hard drive’s information was located and assessed. It was determined to have information of selected patients who got healthcare services at INTEGRIS Baptist Medical Center Portland Avenue in Oklahoma City, previously called as Deaconess Hospital. The patient data on the hard drive only included patients’ names, some clinical data and Social Security numbers.

INTEGRIS offered the impacted persons free membership of Experian’s IdentityWorksSM Credit 3B service for one-year.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone