Peerstar LLC, a Pennsylvania-based provider of mental health support services, has revealed that 11,438 patients have been informed about the exposure and potential theft of their protected health information. The company detected suspicious activity on its network on March 7, 2023, prompting it to engage third-party security experts to investigate the incident and assess the security of its systems. Subsequently, on May 17, 2023, it was confirmed that an unauthorized third party had accessed its systems between February 22, 2023, and March 3, 2023, resulting in the exposure of protected health information. Peerstar emphasized that, to date, it has not been aware of any actual or attempted misuse of patient data.
The exposed information varied from patient to patient and may have encompassed a wide array of data, such as first and last names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, admission and discharge dates, physical or mental health conditions, treatment and diagnosis information, driver’s license numbers or government-issued identification numbers, financial account numbers, credit or debit card numbers, digital signatures, birth or marriage certificates, healthcare payment information, and health insurance information, including application and claims history, as well as policy numbers or subscriber identification numbers.
In response to this breach, Peerstar has initiated measures to bolster its cybersecurity defenses, including the implementation of additional safeguards. Employee cybersecurity training has been intensified, and the organization is actively enhancing its cybersecurity policies, procedures, and protocols to ensure a higher level of security.
Fredericksburg Foot & Ankle Center in Fredericksburg, VA, also reported a data breach, affecting up to 14,912 individuals. The healthcare provider, in its breach notice on October 25, 2023, did not disclose when it initially became aware of the potential breach but stated that it was informed of unauthorized access to files by a third party on or around April 21, 2023.
The files that were accessed contained patients’ protected health information, including their names, personal identifiers, and Social Security numbers. The affected individuals have been offered complimentary single bureau credit monitoring services, and the healthcare provider is committed to continually reviewing and modifying its practices and internal controls to enhance the security and privacy of personal information.
