Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Connecticut-based multi-speciality healthcare group Starling Physicians announced in November 2019 that the company had been hit with a cyber-phishing attack that resulted in a data breach of patient information.
About the Starling Physicians Data Breach
According to a notice posted by Starling Physicians in November, the data breach occurred on Feb. 8, 2019. The medical group stated that the length of time between the occurrence of the attack and the group’s notification to patients was due to the amount of time it took to determine what information may have been compromised, and how many patients were affected.
In February, a cyber-phishing attack was launched against the medical group, allowing the criminals behind the attack to gain access to employee email accounts, some of which contained sensitive patient information.
According to an investigation conducted by Starling following the attack, less than .01 percent of the medical group’s patients were affected by the breach. However, those that were may have had their personal and medical information compromised. Starling has sent notification letters to patients who were affected by the Starling Physicians data breach and has offered them complimentary identity theft protection services as well as credit monitoring services.
Following the breach, Starling retained a forensic security team to determine which patient information may have been accessed during the attack. After an investigation, the medical group determined that the email accounts that were compromised by the phishing attack may have contained patient information such as names, addresses, dates of birth, Social Security numbers, passport numbers, health insurance information, billing information, and medical information.
About Hospital Ransomware and Phishing Attacks
In addition to the Starling Physicians data breach, many other medical centers have been targeted by phishing scams or ransomware thieves over the past several years. According to one study, more than 1,500 healthcare organizations have been subject to ransomware attacks since 2016. These attacks have cost more than $160 million and may have exposed the sensitive information of millions of patients.
These attacks are often launched against medical centers, due to the highly sensitive information contained in their systems, and the incentive to quickly give in to the attackers’ demands. Without access to medical systems or patient records, hospitals may not be able to provide patients with a high standard of care and may have to rely on memory or written charts rather than digitized medical records.
While the Starling Physicians data breach appears to have been caused by a phishing email that infiltrated the medical group’s systems to steal patient information, many other attacks come accompanied by a demand for a ransom.
These attacks freeze up hospital systems and patient records, making them inaccessible to the medical center until the attackers’ demands are met. These demands generally include sums of thousands or millions of dollars to be paid in bitcoin, or other digital currencies.
While some hospitals give in to these demands and pay a ransom in order to regain access to their systems and patient records, the FBI recommends against paying ransoms. Doing so many only encourage thieves to continue targeting hospitals and compromising patient data.
Hospitals who have refused to pay ransoms have attempted to regain access to their files on their own, or have restored their systems using backups. In many cases, it has been unknown whether the criminals responsible for the attacks have accessed the patient files, or have simply made them inaccessible to the medical centers.
While some hospitals may be hesitant to pay ransoms, there is a strong incentive to regain control of patient data. Patients whose medical or personal data has been compromised by ransomware attacks may be vulnerable to crimes including identity theft and financial theft.
Thieves who access information including full names, birth dates, and Social Security numbers may be able to access existing financial accounts, open lines of credit in victims’ names, or collect tax refunds. People who have been notified that their data was involved in a breach may want to keep an eye on their financial accounts as well as their credit score, to ensure that their identity has not been stolen.
If you have been the victim of a data breach at Starling Physicians or another medical center, you may be eligible to speak with an experienced attorney about your legal options. Some victims of data breaches may be able to open an investigation or class action lawsuit regarding these privacy violations, and could potentially be entitled to pursue compensation.
Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation
If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
5 thoughts onStarling Physicians Data Breach Exposed SSNs, Birth Dates, Names
Add me
Please add me
Please add me
add me in
Please add me