Peachtree Orthopedics Discovers Patient Database Was Hacked

Atlanta, GA-based Peachtree Orthopedics, a provider of orthopedic services in Cherokee, Cobb, Forsyth, Fulton and Gwinnett counties and metro Atlanta, has notified 531,000 patients that their protected health information has been compromised.

On September 22, 2016, the orthopedic clinic discovered its computer systems had been accessed by an unauthorized individual. That individual managed to gain access to a patient database.

Peachtree Orthopedics has confirmed the hacked system contained names, addresses, dates of birth, and email addresses. A number of patients also had their Social Security numbers, prescription records, and treatment codes exposed. The hacked database contained the records of patients that had visited the orthopedic clinic prior to July 2014, although some patients who visited after that date have also potentially been affected.

Peachtree Orthopedics said rapid action was taken to contain the breach to prevent further access to patient health data, although the substitute breach notice posted on the company’s website suggests patient data were actually stolen by the hacker.

The clinic is permitted up to 60 days following the discovery of a data breach to alert patients under Health Insurance Portability and Accountability Act Rules. Due to the seriousness of the breach, the clinic took the decision to issue notification letters quickly. All individuals impacted by the breach have also been offered a year of credit monitoring and identity theft protection services without charge.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.