Email Account Breaches Reported by Atlantic Orthopaedic Specialists & York County, PA
Email account breaches have been reported by Atlantic Orthopaedic Specialists in Virginia and York County in Pennsylvania. The account breach at Atlantic Orthopaedic has affected more than 15,000 individuals. York County has yet to determine how many individuals have been affected.
Atlantic Orthopaedic Specialists, Virginia
Vann Virginia Center for Orthopaedics, doing business as Atlantic Orthopaedic Specialists, has identified unauthorized access to a corporate email account. The security incident was detected on August 6, 2024, and third-party cybersecurity experts were engaged to assist with the investigation. The investigation confirmed there had been unauthorized access to a single email account between June 20, 2024, and August 6, 2024. During that time, it is possible that sensitive information was viewed or acquired. The review of the account concluded on October 28, 2024, when it was confirmed that the account contained the protected health information of 15,264 individuals.
The information exposed varied from individual to individual and may have included full names along with one or more of the following: date of birth, Social Security number, driver’s license number, state identification number and/or other government identification numbers, credit/debit card information, medical information, and health insurance information. While data has been exposed, Atlantic Orthopedic said it is unaware of any misuse of the affected data. Notification letters were mailed to the affected individuals on November 22, 2024, and individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services.
York County, Pennsylvania
York County in Pennsylvania has discovered unauthorized access to an employee’s email account. Suspicious activity was identified in the account on September 20, 2024, and the account was immediately secured. The forensic investigation confirmed that an unauthorized third party had access to the email account for a short period on September 20th and the unauthorized access was limited to a single account.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The email account contained personal data such as names, addresses, and medical information. The review of the emails and attachments is ongoing, so it is not possible to confirm at this stage exactly what types of information have been exposed or the number of individuals affected. Notification letters will be mailed to the affected individuals when the review is concluded. In the meantime, the breach has been reported to the HHS’ Office for Civil Rights using an interim figure of 501 affected individuals. York County is reviewing its policies and procedures and is implementing additional administrative and technical safeguards to better protect sensitive data.
