Notice Of Data Security Incident
Starling Physicians values and respects the privacy of our patients’ information and takes protecting your privacy seriously. Unfortunately, we have become aware of a data security incident that resulted in the potential access to some of our patients’ personal and medical information. Starling has mailed notification letters to impacted patients for whom it had a valid mailing address. That notice includes information on steps individuals can take to protect themselves against potential fraud or identity theft. Please note that this incident has impacted less than .01% of our patient population.
On February 8, 2019, Starling was the target of a cyber-phishing attack that resulted in an unauthorized third party potentially having access to the contents of some of our employees’ email accounts. Upon learning of the incident, we promptly secured the email accounts to prevent further access. We also retained a leading forensic security firm to investigate and conduct a comprehensive search for any personal information in the impacted accounts, and to confirm the security of our email and computer systems. On September 12, 2019, the investigation determined that the contents of the affected email accounts contained certain patients’ names, addresses, dates of birth, passport numbers, Social Security numbers, medical information and health insurance or billing information. This investigation took time which is why there was a delay in notifying patients until all the facts were known. Individuals whose Social Security numbers may have been impacted received an offer for complimentary credit monitoring and identity theft protection services.
Starling encourages its patients to remain vigilant to the possibility of fraud and identity theft by reviewing credit card, bank, and other financial statements, as well as claims made using their insurance for any unauthorized activity. If individuals detect any suspicious activity, they should notify the entity with which the account is maintained, and promptly report the suspicious activity to appropriate law enforcement authorities, including the police and their state attorney general. In addition, anyone looking for information on fraud prevention can review tips provided by the FTC at www.ftc.gov/idtheft.
Starling takes the security of its patients’ information very seriously and sincerely apologizes for any inconvenience this incident may cause any of its patients. If you have any questions or concerns about this incident, please contact 1-888-800-3306, Monday through Friday, 8am to 5pm.