Cyberattacks at Lubbock Heart & Surgical Hospital and NorthStar Healthcare Consulting

Lubbock Heart & Surgical Hospital based in Texas lately reported its encounter with a hacking incident that disrupted the operations of part of its IT systems. The hospital detected the cyberattack on July 12, 2022 and took quick action to control the incident and stop continuing unauthorized access. Forensics specialists helped to find out the nature and extent of the cyberattack. Based on the investigation, the attackers accessed its systems from July 11 to July 12. However, it cannot be known if the attackers accessed or copied any files that contain patient data.

The accessed files potentially included the following patient data: names, contact data, demographic details, birth dates, diagnosis and treatment details, prescription details, medical record numbers, names of providers, dates of service, medical insurance data, and Social Security numbers.

Lubbock Heart & Surgical Hospital stated security measures and technical procedures were improved to avoid more security incidents. On September 9, 2022, the hospital sent notification letters to the 23,379 impacted persons. Free credit monitoring and identity theft protection services were provided to those whose Social Security numbers were exposed.

Data Breach at NorthStar Healthcare Consulting Impacts 18,354 Individuals

NorthStar Healthcare Consulting based in Alpharetta, GA is a business associate that supports Optum Rx. It provides the Georgia Department of Community Health, Medical Assistance Plans Division with pharmacy benefit management services. It recently announced the breach of the email account of an employee, thus exposing sensitive patient data.

Based on the breach notice sent to the Vermont Attorney General, NorthStar Healthcare Consulting discovered suspicious activity in the email account on April 20, 2022. An incident investigation by third-party forensic experts confirmed that an unauthorized individual accessed the email account. However, it was not determined which emails that contain protected health information(PHI) were accessed or copied by the attacker. The investigation finished on July 15, 2022. The gathering of updated contact information has begun in order to send the necessary notifications.

NorthStar Healthcare Consulting stated that the emails included names, addresses, dates of birth, Medicaid numbers, prescription medication names, names of prescribers, and appeal numbers. The brief notes on diagnosis and associated symptoms were also included for some patients. NorthStar Healthcare Consulting stated it has taken steps to strengthen email security and offered free credit monitoring and identity theft protection services to impacted persons.

The provider has submitted the breach report to the HHS’ Office for Civil Rights indicating that 18,354 individuals were affected.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at