Cyber Incident Victim: NorthStar Healthcare Consulting
Date:
Apr 2022
Location:
United States of America
Summary
A NorthStar Healthcare Consulting employee email account was compromised, potentially exposing Georgia Medicaid members' personal and health information, including names, identification numbers, birthdates, contact details, prescriptions, diagnoses, and related medical data. The intrusion was contained by securing the account and changing passwords, with law enforcement notified and a forensic review confirming no other systems were affected. While investigators could not definitively determine whether data was accessed or exfiltrated, the organization attributed notification delays to conducting a comprehensive assessment of impacted individuals. The incident prompted collaboration with third-party experts to strengthen network security controls and data protection measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 20, 2022, NorthStar Healthcare Consulting discovered unauthorized access to an employee email account, compromising systems containing Georgia Medicaid member data. As a business associate of the Georgia Department of Community Health, NorthStar immediately secured the breached account, changed account passwords, and notified law enforcement. A forensic investigation confirmed the threat actors accessed the email account but could not determine whether any data was exfiltrated or viewed. The review verified no other email accounts or organizational systems were affected beyond the single compromised account. The impacted email contained sensitive Medicaid information including member names, identification numbers, dates of birth, contact details, prescription records, prescriber names, medical appeal numbers, and diagnoses.
The incident potentially affected 18,354 Medicaid members whose data resided in the breached account. NorthStar attributed the delayed public notification to the time required for a comprehensive review to identify impacted individuals and assess the scope of exposed information. In response, the organization engaged third-party forensic specialists to evaluate network security and implemented enhanced data protection controls. No evidence suggested misuse of the compromised data, but the breach exposed patients to potential identity theft and medical fraud risks due to the sensitivity of the Medicaid information involved. NorthStar did not disclose whether credit monitoring was offered to affected individuals. The organization’s remediation efforts focused on strengthening email security protocols and preventing similar account compromises through improved system safeguards.