On July 20, 2018, NorthStar Anesthesia submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Irving, Texas, NorthStar Anesthesia’s email breach affected 19,807 individuals’ protected health information.
NorthStar Anesthesia is classified as a Healthcare Provider.
According to this report about NorthStar Anesthesia’s email breach:
Criminals had access to patient data for more then a month at NorthStar Anesthesia in Irving, Texas.Access to data came via an email phishing attack and now the organization is notifying an undisclosed number of patients that their personal health information may have been compromised.NorthStar learned of the attack on May 24, 2018 and engaged forensic investigators to assess the nature and scope of the breach and affected information. Forensics showed that unauthorized individuals gained access to certain employee email accounts between April 3 and May 24 and that the emails contained protected health information.
The amount of compromised data was considerable and included name, date of birth, health insurance application, claims information, health insurance policy or subscriber number, taxpayer identification number, medical history, diagnoses and treatments, medical record number and Social Security numbers for a subset of individuals. The number of affected individuals will be posted on the HHS Office for Civil Rights’ data breach web site.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame