On September 20, 2024, Asheville Arthritis and Osteoporosis Center, P.A., based in Asheville, North Carolina, filed a notice of a data breach with the Attorney General of Montana after discovering that a recent cybersecurity incident compromised the personal information of its patients. The breach was a result of unauthorized access by a third party to sensitive data, including patient names, addresses, dates of birth, telephone numbers, Social Security numbers, and medical information. The center has since notified all affected individuals, providing them with details about what information was exposed.
The breach was identified on May 22, 2024, when Asheville Arthritis became aware of a cybersecurity incident that led to unauthorized access within its network. In response, the center secured its systems and initiated a thorough investigation with the help of external IT security experts. The investigation confirmed that certain files and folders containing sensitive personal data had been accessed by an unauthorized party, prompting the center to assess which individuals’ information had been compromised.
Upon completing the investigation, Asheville Arthritis reviewed the compromised files and identified the personal details involved in the breach. The information affected by the breach varied for each individual but may have included their name, address, date of birth, telephone number, Social Security number, and medical records. As a precautionary measure, the center began sending data breach notification letters to individuals whose information had been exposed, providing them with a breakdown of the specific data that was affected.
Asheville Arthritis and Osteoporosis Center, P.A. is a healthcare provider specializing in the treatment of arthritis, osteoporosis, and other rheumatic diseases, offering services such as laboratory tests, radiology, ultrasound, and bone density testing. The center employs over 40 people and generates approximately $7 million in annual revenue. While the investigation into the breach continues, Asheville Arthritis is taking steps to further secure its systems and prevent future incidents of this nature.
Reference:
