Orthopaedic Specialists of Connecticut & DATS in Pennsylvania Announce 22K-Record Data Breaches
Data breaches have recently been confirmed by Orthopaedic Specialists of Connecticut, Drug and Alcohol Treatment Services, Inc. in Pennsylvania, and Brainard Surgery Center in Ohio. The Texas Health and Human Services Commission has recently confirmed that a previously announced data breach has affected 33,500 more individuals than previously thought.
Orthopaedic Specialists of Connecticut
Orthopaedic Specialists of Connecticut has notified 22,541 patients about a hacking incident that saw unauthorized individuals gain access to its network on March 2, 2025. Immediate action was taken to prevent further unauthorized access, and a forensic investigation was launched, with assistance provided by third-party cybersecurity experts.
While data theft was not confirmed, the possibility that files containing patient data had been copied from its network could not be ruled out. The file review was completed in April 2025 and confirmed that the exposed data included first and last names, dates of birth, Social Security numbers, health insurance numbers, and medical information. The types of data involved varied from individual to individual, and at the time of issuing notifications, no reports had been received to suggest any misuse of the impacted information.
Notification letters started to be mailed to the affected individuals on April 23, 2025. Orthopaedic Specialists of Connecticut said it is working on enhancing its technical safeguards to prevent similar incidents in the future and has offered the affected individuals 12 months of complimentary credit monitoring and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Drug and Alcohol Treatment Services, Pennsylvania
Drug and Alcohol Treatment Services, Inc. (DATS) in Pennsylvania has recently notified the HHS’ Office for Civil Rights about a data breach involving the protected health information of 22,215 individuals. The breach, which was publicly disclosed on December 5, 2025, was identified on or around October 6, 2024.
The internal investigation confirmed that an unauthorized third party gained access to its network and may have viewed or obtained patient data. The data breach notice does not state when its network was first breached or how long it took to identify the breach. The data review confirmed that the exposed data included patient names, dates of birth, medical histories, treatment information, health insurance information, medical claims information, billing information, Social Security numbers, and financial information. DATS said it is unaware of any misuse of the exposed data.
DATS has worked with cybersecurity specialists to evaluate and reinforce its security measures to prevent similar incidents in the future. The affected individuals have been advised to monitor their accounts and explanation of benefits statements for signs of fraudulent activity. The Interlock ransomware group claimed responsibility for the attack.
Brainard Surgery Center, Ohio
Brainard Surgery Center in Lyndhurst, Ohio, has recently disclosed a data security incident that was identified on February 23, 2025, when suspicious activity was observed in its computer network. Assisted by third-party cybersecurity experts and digital forensics specialists, Brainard Surgery Center confirmed that a threat actor accessed its network and copied files containing patient data.
The types of information involved vary from individual to individual and included names plus some or all of the following information: mailing address, date of birth, Social Security number, driver’s license number or other state identification number, medical claims information, health insurance information, and/or clinical information such as diagnoses/conditions, medications, and other health information.
Brainard Surgery Center said additional security measures have been implemented to prevent similar incidents in the future, and notification letters will soon be mailed to the affected individuals. It is currently unclear how many individuals have been affected, as the data review is ongoing. To meet breach reporting requirements, Brainard Surgery Center has notified the HHS’ Office for Civil Rights that the breach has affected at least 501 individuals. The total will be updated when the file review is concluded.
Texas Health and Human Services Commission
The Texas Health and Human Services Commission has issued an update on a data privacy incident previously announced in January 2025. The breach involved unauthorized access to protected health information by employees over a three-and-a-half-year period. Initially, the breach was reported as affecting 61,104 individuals; however, it has now been confirmed that the protected health information of an additional 33,529 individuals was impermissibly accessed, used, or disclosed.
