Central Indiana Orthopedics

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Central Indiana Orthopedics (CIO), based in Muncie, Indiana, experienced a significant cybersecurity incident that was first detected on October 16, 2021. This incident was identified when unusual activity was observed on CIO’s network, prompting an immediate investigation into the matter. The investigation, conducted with the assistance of a specialized third-party cybersecurity firm, revealed that some of CIO’s files had been accessed by an unauthorized actor. The data breach investigation found evidence of unauthorized access, and it was determined that the personal information of over 83,000 individuals might have been compromised. The types of information potentially leaked include names, Social Security numbers, addresses, and limited medical information[7].

The breach was caused by a ransomware attack, which is a type of malicious software designed to block access to a computer system until a sum of money is paid. The cybercriminals associated with the Grief threat actor group were identified as the perpetrators behind this ransomware attack[9]. Following the discovery of the breach, CIO took immediate steps to secure and safely restore its systems and operations. Despite these efforts, the incident led to a significant amount of personal information being potentially exposed to unauthorized access.

In response to the breach, CIO has taken several measures to bolster its security posture. These measures include changing administrative credentials, restoring operations in a safe and secure mode, and enhancing security measures to mitigate the risk of future harm. Additionally, CIO is offering affected individuals complimentary credit monitoring, dark web monitoring, and identity theft protection services to help protect against potential misuse of their information[6].

A class action lawsuit was filed against Central Indiana Orthopedics relating to the data security incident, and a settlement has been reached. Individuals whose personal information was affected by the 2021 data incident at CIO may be eligible for a payment and/or credit monitoring services as part of the settlement[2][4][5].

This incident underscores the growing threat of cyberattacks and data breaches within the healthcare sector, highlighting the importance of robust cybersecurity measures to protect sensitive patient information.

Citations:

  1. https://www.doj.nh.gov/consumer/security-breaches/documents/central-indiana-orthopedics-20220314.pdf
  2. https://centralindianaorthopedicssettlement.com
  3. https://www.bankinfosecurity.com/2-healthcare-hacking-incidents-affect-310000-patients-a-18686
  4. https://centralindianaorthopedicssettlement.com/submit-claim
  5. https://centralindianaorthopedicssettlement.com/faqs
  6. https://www.govinfosecurity.com/2-healthcare-hacking-incidents-affect-310000-patients-a-18686
  7. https://www.thelyonfirm.com/blog/central-indiana-orthopedics-data-breach/
  8. https://www.hipaajournal.com/central-indiana-orthopedics-duncan-regional-hospital-report-80k-record-data-breaches/
  9. https://classlawdc.com/2022/03/10/data-breach-investigation-of-leaked-central-indiana-orthopedics-patient-information/
  10. https://www.mass.gov/doc/assigned-data-breach-number-26102-central-indiana-orthopedics/download
  11. https://www.scmagazine.com/analysis/ransomware-attack-drives-indiana-provider-offline-vendor-breach-impacts-173k-dental-patients
Breach Submission Date Mar 07, 2022
Converted Entity Name Central Indiana Orthopedics
Converted Entity Type Healthcare Provider
State IN
Individuals Affected 83,705
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes