Orthopedic Associates of Dutchess County notifies more than 330,000 patients of breach
On March 5, Orthopedic Associates of Dutchess County in New York (“OADC”) became aware of suspicious activity involving its systems. Their investigation determined that an unauthorized actor gained access to certain OADC systems on or about March 1, 2021, encrypted files, and then claimed to have removed and/or viewed certain files.
According to the notification letter signed by Gina Sleeper, Chief Executive Officer, the the threat actor seemingly provided some files as proof, but the notification letter does not disclose what any ransom demand might have been and whether OADC paid any ransom.
The types of data involved included patients’ name, address, telephone number, email address, emergency contact, guarantor, patient identification number, medical record number, diagnosis information, health insurance number and other health insurance information, payment details, date of birth, Social Security number, and treatment information.
Letters are being sent out, beginning yesterday, to 331,376 patients. The letter offers 12 months of identity and credit monitoring.