Starling Physicians

Starling Physicians, also known as Starling Healthcare, operates as a healthcare provider organization based in the United States. Its core function involves delivering medical services to patients, encompassing physician consultations and treatments. The organization manages sensitive patient information integral to healthcare delivery and administrative processes, including billing and insurance coordination. This places it firmly within the healthcare sector, requiring adherence to regulations governing protected health information. Its operations are centered in Connecticut, indicating a regional focus within the broader U.S. healthcare market.

The organization handles a wide range of highly confidential patient data as part of its standard operations. This includes personal identifiers like names, addresses, dates of birth, passport numbers, and Social Security numbers, alongside detailed medical information and health insurance or billing records. Managing this volume and sensitivity of data necessitates robust security protocols and compliance with frameworks like HIPAA. Starling Physicians' cybersecurity posture was tested by a significant incident involving unauthorized access to patient data.

On February 8, 2019, Starling Physicians experienced a cyber-phishing attack that successfully compromised several employee email accounts. This breach led to unauthorized access to sensitive patient information stored within those accounts. The Connecticut-based group responded by securing the affected email accounts to prevent further intrusion. They engaged a specialized forensic security firm to conduct a thorough investigation into the scope and impact of the incident. The forensic review ultimately confirmed that attackers accessed patient names, addresses, dates of birth, passport numbers, Social Security numbers, medical details, and health insurance or billing records. Following the completion of the forensic investigation, Starling Physicians notified the individuals whose personal and medical information was exposed in the breach. This incident underscores the persistent cybersecurity risks facing healthcare providers entrusted with highly sensitive personal data.