OrthoAlaska, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

OrthoAlaska, LLC, a healthcare provider based in Anchorage, Alaska, experienced a significant data breach affecting a large number of its patients. The breach was first discovered on October 12, 2022, when OrthoAlaska detected unauthorized activity within its systems. Following this discovery, the organization took immediate steps to secure its systems and initiated an investigation with the help of independent cybersecurity experts. This investigation revealed that sensitive personal and protected health information (PHI) of OrthoAlaska patients may have been accessed without authorization.

The data breach impacted approximately 176,203 individuals, making it a substantial incident in terms of the number of affected patients[1][3][13]. The types of information potentially involved in the breach include names, dates of birth, addresses, Social Security numbers, health insurance information, and medical information[4][5]. OrthoAlaska has not publicly disclosed the specific details of the information affected but has acknowledged the breach and the potential exposure of PHI.

OrthoAlaska began notifying affected individuals about the breach on October 11, 2023, nearly a year after the initial discovery of the unauthorized activity. The notification included information about the incident and steps that potentially impacted individuals could take to protect their information. OrthoAlaska also offered complimentary identity theft protection services through IDX, which include credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services[5][12].

The breach has prompted investigations and legal interest, with law firms such as Migliaccio & Rathod LLP and Turke & Strauss LLP investigating the incident and considering potential legal remedies for those affected[2][7]. These investigations aim to understand the circumstances leading to the breach, the extent of the information compromised, and the potential impact on affected individuals.

OrthoAlaska is a healthcare provider offering orthopedic and rheumatology services to patients throughout Alaska, with locations in Anchorage, Eagle River, and Wasilla. The organization employs more than 81 people and generates approximately $25 million in annual revenue[3]. The breach has raised concerns about the security of patient information and the measures in place to protect against unauthorized access and potential misuse of sensitive data.

Citations:

  1. https://www.hipaajournal.com/176200-ortho-alaska-patients-affected-by-data-breach/
  2. https://classlawdc.com/2023/10/18/orthoalaska-data-breach-investigation/
  3. https://www.jdsupra.com/legalnews/orthoalaska-announces-files-notice-of-4479612/
  4. https://healthitsecurity.com/news/rcm-company-reports-data-breach-tied-to-moveit-software-1.9m-impacted
  5. https://www.prnewswire.com/news-releases/orthoalaska-llc-provides-notice-of-data-security-incident-301954288.html
  6. https://colevannote.com/investigations/
  7. https://www.turkestrauss.com/2023/10/19/orthoalaska-data-breach-investigation/
  8. https://www.hipaajournal.com/september-2023-healthcare-data-breach-report/
  9. https://abingtonlaw.com/OrthoAlaska-Data-Breach-class-action-lawsuit.html
  10. https://osinter.dk/article/1fe34542c560d6d5189332001c85ab4e
  11. https://apps.web.maine.gov/online/aeviewer/ME/40/29e7dc48-81ff-4eb9-802d-2b59d6b1274c.shtml
  12. https://www.mass.gov/doc/assigned-data-breach-number-30734-orthoalaska-llc/download
  13. https://www.beckersspine.com/orthopedic-spine-practices-improving-profits/57949-orthoalaska-hit-with-data-breach.html
Breach Submission Date Sep 22, 2023
Converted Entity Name OrthoAlaska, LLC
Converted Entity Type Healthcare Provider
State AK
Individuals Affected 176,203
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes