On Sept. 17, 2020, the practice identified unusual email activity and launched an investigation into the incident with assistance from cybersecurity experts. On March 25, the group began notifying 125,291 patients, employees and dependents of the cyberattack.
“Multiple employee email accounts were subject to unauthorized access between October 2019 and September 2020,” the practice said in a news release. Centers for Advanced Orthopaedics subsequently initiated a data-mining effort to identify potentially affected individuals.
The practice on Jan. 25 determined that protected health information was contained in emails accessible to the cybercriminal, but said it cannot confirm whether this information was accessed or acquired by the individual.
Information exposed in the hacks may include Social Security numbers, passport number and financial account information.
The practice said it is reviewing policies and procedures, assessing its security infrastructure and installing additional safeguards to protect against future cyberattacks.
More articles on practice management:
Which spine procedures are surgeons migrating to the ASC in 2021?
The next 3 years in spine: What will gain ground on fusion?
5 ways spine surgery is changing: ASCs, endoscopic surgery & more
