Orthopedic groups in Texas and Kansas are among the 41 healthcare entities that have reported data breaches since the beginning of the year, according to the HHS Office for Civil Rights Breach Portal.
Fondren Orthopedic Group in Houston reported a malware incident affecting a network server, and Central Kansas Orthopedic Group in Great Bend was the victim of a ransomware attack.
The breach affecting Fondren Orthopedic Group occurred Nov. 21, 2019, and was reported to HHS on Jan. 17, 2020. It involved the data of 30,049 current or former patients of K. Mathew Warnock, MD, an orthopedic surgeon.
Fondren launched an investigation and found no evidence that a third party accessed or acquired medical or personal data.
However, the incident damaged some of the medical records in Fondren's system, according to a statement on the group's website. Affected patients will be asked to fill out new patient forms, including medical history, if they visit Dr. Warnock again.
Fondren is now reviewing its data security policies and procedures, as well as working to fortify existing protocols.
Central Kansas Orthopedic Group was hit by a ransomware attack on Nov. 11, 2019, and reported it to HHS on Jan. 28, 2020. The breach potentially compromised the data of 17,214 patients. The practice did not pay the demanded ransom.
Using backups, CKOG restored its system and all medical records. However, the hacker may have gained access to patients' addresses, referring providers, health insurance numbers, Social Security numbers and email addresses.
CKOG didn't find any evidence that the patient data was removed from the system or misused in any way.
The practice plans to implement additional security measures recommended by forensic investigators, according to a statement posted online. It is also offering identity theft protection, including 12 months of credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and identity theft recovery services. CKOG declined to publicly comment at the time of publication.
Becker's Spine Review reached out Fondren's CEO for comment. This story will be updated if additional information becomes available.
Cumulatively, the breaches reported to HHS this year through Feb. 13 potentially affected over 1 million patients, according to JDSupra.
More articles on orthopedics:
Stryker ranks No. 8 in Fortune's 100 best workplaces
Wuhan neurosurgeon, hospital director dies from coronavirus, death toll rises to 1,800+
Medtronic reports spine revenue up 3%, hurt by low BMP sales: 7 things to know