OrthoConnecticut PLLC, a prominent multi-specialty orthopedic practice throughout western and southern Connecticut, disclosed a data breach affecting 118,141 patients.
According to the HHS Breach Report, OrthoConnecticut reported a data breach on April 26, 2024. The breach involved unauthorized access to its network environment from November 24 to November 28, 2023.
The breach prompted OrthoConnecticut to initiate an investigation, secure its network, and collaborate with law enforcement and third-party cybersecurity experts to assess the extent of the breach and mitigate potential risks. On OrthoConnecticut March 27, 2024, concluded that breached data may include patients’ names, dates of birth, Social Security numbers, and medical information.
According to OrthoConnecticut’s Notice of Data Security Incident, "The impacted data contained the personal information of certain individuals, including full names in combination with one or more of the following: Social Security number, date of birth, and medical information. Medical information includes, but is not limited to, patient account number, doctor’s name, lab test details, and patient history.”
Furthermore, OrthoConnecticut sincerely apologizes for the incident and states, “We have no evidence that any information has been misused as a direct result of this incident. Nevertheless, out of an abundance of caution, we are notifying affected individuals of the scope of the incident.”
Their notice also suggests other precautionary measures for affected individuals to protect their personal information, such as “placing a Fraud Alert and Security Freeze on [their] credit files and obtaining a free credit report. Additionally, impacted individuals should always remain vigilant in reviewing their credit reports regularly and report any irregular activity immediately.”
OrthoConnecticut's breach aligns with a larger trend of increasing cyberattacks targeting healthcare organizations globally, prompting healthcare organizations to reevaluate their cybersecurity strategies and infrastructure. As the healthcare industry increasingly relies on digital technology, it must prioritize cybersecurity measures to protect sensitive patient data.
More specifically, investing in advanced cybersecurity tools and technologies can provide an extra layer of protection against sophisticated cyber threats. Furthermore, healthcare organizations should frequently collaborate with cybersecurity experts and stay informed about the latest trends in healthcare cybersecurity to stay ahead of potential risks.