Here are eight data breaches affecting orthopedic practices that Becker's has reported on so far in 2024:
1. Greensboro, N.C.-based Southeastern Orthopaedic Specialists experienced a data breach that exposed sensitive consumer information. An unauthorized party was able to gain access to the Southeastern Orthopaedic Specialists' network, accessing patient data including names, demographic information and reasons for visits.
2. Des Moines (Iowa) Orthopaedic Surgeons was hit with a data security incident that affected certain protected health information.
The orthopedic group's network suffered the incident around Feb. 17, 2023, when an unauthorized actor was able to access and remove certain DMOS files due to a vendor failure, according to a notice issued by the practice.
Data that was compromised includes full names, Social Security numbers, dates of birth, driver's license numbers, state identification numbers, passports, direct deposit bank information, medical information and health insurance information.
3. Wichita-based Kansas Joint and Spine Specialists reported a data breach that affected 83,869 patients. The practice became aware of an unauthorized third party accessing its systems on June 20 and took action to secure its network and investigate the activity.
Exposed patient data includes first and last names, Social Security numbers, addresses, dates of birth, contact information, diagnoses, health insurance claim numbers, medical record numbers and other unique identifiers.
4. Vail-Summit Orthopaedics & Neurosurgery in Colorado notified patients of a data breach in January. The practice saw suspicious activity in its IT systems on Jan. 4 and isolated its network. An investigation is ongoing, and the practice found an unauthorized party may have accessed sensitive information including names, addresses and Social Security numbers.
5. Northeast Orthopedics and Sports Medicine experienced a data security incident affecting 177,101 individuals. The orthopedic group launched an investigation after observing unusual activity on its computer network, and learned of potential unauthorized access to certain data on its network. This data may include patient information such as identifying information, payment and medical record information, health insurance information, and treatment and diagnosis information, according to a Feb. 9 notice on the organization's website.
6. Orthopedic Associates of Flower Mound (Texas) notified patients of an email breach in March. The practice launched an independent investigation after noticing suspicious activity in its email system. Investigators learned an unauthorized party accessed a physician's email between July 7, 2023, and Sept. 7, 2023. Information including medical history, Social Security numbers, patient names and financial data may have been compromised.
7. On March 7, Vancouver, Wash.-based Rebound Orthopedics & Neurosurgery filed a notice of a data breach with the attorney general of Montana. The organization confirmed that an unauthorized party was able to access the company's IT network on Feb. 2 and stole confidential patient information stored on its computer network.
8. In April, OrthoConnecticut said an unauthorized threat actor gained access to its network from Nov. 24-28 and may have removed files from the network. After conducting a thorough investigation, OrthoConnecticut found the unauthorized individual had access to files containing personal information for 118,141 patients.
The personal information exposed includes names, Social Security numbers, birth dates and medical information.