OrthopedicsNY, LLP, a healthcare services provider based in Albany, New York, has recently disclosed a significant data breach affecting patient information. On November 6, 2024, the company filed an official notice with the Attorney General of Texas after discovering that an unauthorized party accessed sensitive consumer data, including personal details such as Social Security numbers, health insurance information, and protected health data. The breach initially occurred in December 2023 when an external party attempted to access the company’s network and demanded a ransom. While the company secured its systems, the breach allowed the unauthorized access of confidential information, prompting an internal investigation.
Following the discovery of the breach, OrthopedicsNY launched a thorough investigation to assess the scope of the incident. The investigation confirmed that a portion of the company’s network had been compromised, exposing a range of sensitive patient data. This included not only personal details such as names, dates of birth, and addresses but also highly sensitive information like financial account numbers, driver’s license numbers, and passport information. The breach appears to be the result of a targeted attack, highlighting the evolving security threats faced by healthcare organizations.
As part of its response, OrthopedicsNY began sending personalized data breach notification letters to individuals whose information was compromised. The company’s notice provides affected individuals with details about the data exposed and offers guidance on the necessary steps they can take to protect themselves from potential identity theft or fraud. While the company is still working to understand the full scope of the breach, it has urged patients to remain vigilant and monitor their accounts for any suspicious activity.
OrthopedicsNY operates several locations across New York and serves a broad range of patients. With over 335 employees and annual revenues of approximately $44 million, the breach could have far-reaching consequences for both the company and its patients. As the investigation continues, OrthopedicsNY is working with cybersecurity experts to strengthen its systems and prevent future incidents. The breach underscores the growing importance of robust cybersecurity practices, particularly in healthcare, where patient data is a high-value target for cybercriminals.