Des Moines Orthopaedic Surgeons, P.C.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Des Moines Orthopaedic Surgeons, P.C. (DMOS), a healthcare services provider based in West Des Moines, Iowa, experienced a significant data breach due to a vendor failure on February 17, 2023. This incident allowed an unauthorized actor to access and potentially acquire sensitive personal and health information from DMOS’s computer network[1][2][3][4][5][6][7][8].

The compromised information includes names, Social Security numbers, dates of birth, driver’s license numbers, state identification numbers, passport numbers, direct deposit bank information, medical information, and health insurance information[1][2][3][4][5][6][7][8]. The breach affected approximately 307,000 patients[5].

DMOS began sending out data breach notification letters to affected individuals on January 24, 2024, after confirming the unauthorized access on December 6, 2023[1][3][4]. The letters provided victims with a list of the information that was compromised and offered steps to protect their personal information, such as enrolling in complimentary credit monitoring services and implementing security measures like fraud alerts and credit freezes[1][7][8].

The company has since changed its technology vendors, upgraded security on all servers and workstations with outside monitoring, and implemented Multi-Factor Authentication for network access[7]. Despite these measures, the breach has led to investigations and potential class action lawsuits, with law firms urging affected individuals to come forward to discuss their legal options and potential remedies[2][3][4][6].

Victims of the breach are advised to remain vigilant for signs of identity theft and to take steps to secure their accounts and personal information[3].

Citations:

  1. https://www.jdsupra.com/legalnews/des-moines-orthopaedic-surgeons-1208817/
  2. https://www.turkestrauss.com/2024/01/24/des-moines-orthopaedic-surgeons-data-breach-investigation/
  3. https://www.myinjuryattorney.com/des-moines-orthopaedic-surgeons-data-breach-class-action-investigation-and-lawsuit-assistance/
  4. https://www.classaction.org/data-breach-lawsuits/des-moines-orthopaedic-surgeons-p.c-january-2024
  5. https://www.idstrong.com/sentinel/orthopaedic-surgeon-group-breached-by-vendor-cyberattack/
  6. https://www.msdlegal.com/blog/2024/01/des-moines-orthopaedic-surgeons-p-c-data-breach-class-action-investigation/
  7. https://www.kjan.com/index.php/2024/02/des-moines-orthopaedic-surgeons-p-c-warns-patients-about-a-data-breach-11-months-after-the-fact/
  8. https://www.mass.gov/doc/assigned-data-breach-number-2024-137-des-moines-orthopaedic-surgeons-pc/download
Breach Submission Date Jan 22, 2024
Converted Entity Name Des Moines Orthopaedic Surgeons, P.C.
Converted Entity Type Healthcare Provider
State IA
Individuals Affected 307,864
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes