Cyber Incident Victim: Starling Physicians
Date: Feb 2019
Location: United States of America
Summary
Starling Physicians experienced a phishing attack that compromised several employee email accounts. The Connecticut-based healthcare group secured the affected accounts and engaged a forensic security firm, whose investigation later confirmed unauthorized access to sensitive patient data. Exposed information included patient names, addresses, dates of birth, passport numbers, Social Security numbers, medical details, and health insurance or billing records. The organization notified impacted individuals following the completion of the forensic review.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 8, 2019, Starling Physicians, a Connecticut-based healthcare provider, experienced a cybersecurity incident involving unauthorized access to employee email accounts through a phishing attack. The organization detected the breach and immediately secured the compromised accounts to prevent further unauthorized access. Following containment, Starling engaged a forensic security firm to investigate the incident’s scope and origin. The investigation, completed on September 12, 2019, determined that attackers had infiltrated email accounts containing sensitive patient information. The breach did not extend beyond the email system, and no evidence suggested misuse of the accessed data at the time of discovery.

The compromised data included patients’ names, addresses, dates of birth, passport numbers, Social Security numbers, medical information, and health insurance or billing details. Starling notified affected individuals about the breach in November 2019, approximately nine months after the initial incident and two months after concluding the investigation. The delayed notification was attributed to the time required to identify impacted patients and validate contact information. While the breach exposed highly sensitive personal and medical data, Starling’s public statement did not specify the number of affected individuals or confirm whether ransomware or data exfiltration occurred. The organization reiterated its commitment to enhancing security protocols but did not disclose specific remedial measures taken beyond securing the email accounts and initiating the forensic review.
