MSK Group notifying patients of data security incident

MSK Group in Tennessee, and its divisions, OrthoMemphis, Memphis Orthopaedic Group, Tabor Orthopedics, and Crosstown Back & Pain Institute, are notifying patients of a data security incident that they discovered on May 7.

In a notification letter dated July 5 and signed by Kimble L. Jenkins, CEO, the orthopedic group offered those affected free services with ID Experts.  In a notice on their web site they explain:

On May 7, 2018, MSK Group, P.C. discovered that its computer networks experienced a security event that day. MSK Group hired expert information security consultants to investigate, mitigate and assess the extent of this event, and we are continuing to work closely with consultants to further strengthen our computer network.

Fortunately, after extensive investigation MSK Group does NOT believe any records containing personal information, were actually removed from its computer network. There was, however, unauthorized access to certain parts of the network at times over several months, and personal information (such as full name, address, telephone, fax, photograph, email address, date of birth, social security number, diagnostic image, driver’s license, insurance and medical record information) was stored on the network.

Therefore, in an abundance of caution, MSK Group is notifying individuals whose personal information was stored on the network (by letter at their last known address) and is offering these individuals one year of free identity theft protection services with MyIDCare™ from ID Experts®. These services include: 12 months of credit monitoring, a $1 million insurance reimbursement policy with no deductible from an A.M. Best “A- rated” carrier, and fully managed ID theft recovery services. With this protection, MyIDCare will help you resolve issues if your identity is compromised. A full description of the offered services may be found at

These letters should begin arriving on approximately July 9.

If you receive such a letter and wish to activate your identity protection services, please go to and use the Enrollment Code provided in your patient notification letter. Please note that the deadline to enroll is 90 days from the date of this letter.

We also have included links below which provide more detailed information about this security event (FAQ) and Additional Steps you also may want to consider taking.

If you have misplaced your code, wish to confirm whether your records may be involved, have any questions, or just need more information, please call our toll-free number at 1-888-675-4771, Monday through Friday 7 a.m. to 7 p.m. CT. This toll-free number will be active until October 3, 2018.

MSK Group is fully committed to protecting the confidentiality of personal information. We sincerely regret this happened and apologize for any inconvenience or alarm this situation has caused.



The number of affected patients was not disclosed in any of their publicly available documents so far, and the incident does not appear on HHS’s public breach tool at the time of this posting.

About the author: Dissent

2 comments to “MSK Group notifying patients of data security incident”

You can leave a reply or Trackback this post.
  1. Barbara Knight - July 16, 2018

    I was questioning if this was legitimate, although I have been to an orthodox group mentioned in this breach, my 23 yr old grand daughter received same
    Letter , same day and she has never been to an ortho dr.??? We live at same adr. ?

    • Dissent - July 16, 2018

      This is a legitimate breach disclosure that has been reported to many states and outlets by now.

      Did your granddaughter ever accompany you to an appointment or get listed on any of your paperwork as a contact or authorized individual for HIPAA purposes?

      But seriously: your best bet is to call them and put your question to them.

      Good luck.

Comments are closed.