Share this article on:
Atlanta, GA-based Peachtree Orthopedics, a provider of orthopedic services in Cherokee, Cobb, Forsyth, Fulton and Gwinnett counties and metro Atlanta, has notified 531,000 patients that their protected health information has been compromised.
On September 22, 2016, the orthopedic clinic discovered that its computer systems had been accessed by an unauthorized individual who gained access to a patient database. Computer forensics experts have been brought in to conduct the investigation, which is still ongoing. The Federal Bureau of Investigation has also been notified of the security breach and investigation has been launched.
While few details of the breach have currently been released, Peachtree Orthopedics has confirmed that the hacked system contained names, addresses, dates of birth, email addresses. A number of patients have also had their Social Security numbers, prescription records, and treatment codes exposed. Peachtree Orthopedics has not disclosed how many of its patients have been affected.
The hacked database mostly contained records of patients that had visited the orthopedic clinic prior to July 2014, although some patients who visited after that date have also potentially been affected. Rapid action was taken to contain the breach and prevent further access to patient health data. The substitute breach notice posted on the company’s website suggests that patient data were actually stolen by the hacker.
While the clinic is permitted up to 60 days following the discovery of a data breach to alert patients under Health Insurance Portability and Accountability Act Rules, the clinic took the decision to issue breach notification letters promptly to limit harm to patients.
All individuals impacted by the breach have now been notified of the security breach by mail and have been offered a year of credit monitoring and identity theft protection services without charge, along with other steps that can be taken to mitigate risk of fraud and financial harm.