Criminals had access to patient data for more then a month at NorthStar Anesthesia in Irving, Texas.
Access to data came via an email phishing attack and now the organization is notifying an undisclosed number of patients that their personal health information may have been compromised.
NorthStar learned of the attack on May 24, 2018 and engaged forensic investigators to assess the nature and scope of the breach and affected information. Forensics showed that unauthorized individuals gained access to certain employee email accounts between April 3 and May 24 and that the emails contained protected health information.
The amount of compromised data was considerable and included name, date of birth, health insurance application, claims information, health insurance policy or subscriber number, taxpayer identification number, medical history, diagnoses and treatments, medical record number and Social Security numbers for a subset of individuals. The number of affected individuals will be posted on the HHS Office for Civil Rights’ data breach web site.
North Star is offering affected individuals credit monitoring and identity restoration services from an unnamed vendor for two years. The organization also has given affected patients information on monitoring their accounts, including credit reports, gave direction on placing a fraud alert with the major credit bureaus and placing a security freeze on credit reports.
“However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing or other services,” NorthStar cautioned affected individuals. “If you have been a victim of identity theft and you provide the credit bureau with a valid police report, it cannot charge you to place, lift or remove a security freeze.”
In response to inquiries about the data exposure, NorthStar Anesthesia declined to provide additional details.