OrthoWest, PC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

OrthoNebraska, previously known as OrthoWest, PC, experienced a data breach that compromised sensitive personal identifiable information and protected health information of an unknown number of patients. The breach occurred on or about December 7, 2021, when an unauthorized party accessed an OrthoNebraska email account and potentially obtained patient information. The compromised data included names, Social Security numbers, addresses, telephone numbers, dates of birth, driver’s license numbers, state identification card numbers, usernames and passwords, clinical information, health insurance information, and claim information[1][4].

OrthoNebraska began notifying affected individuals and offered free credit monitoring services. They also advised patients to change passwords and security questions for online accounts, regularly review account statements, monitor credit reports, and contact credit bureaus to request a temporary fraud alert or a credit freeze[1].

The breach was not due to a compromise of OrthoNebraska’s systems but was related to a data breach at their vendor, Welltok, Inc. Welltok’s MOVEit Transfer server was exploited by an unknown actor on May 30, 2023, leading to the exfiltration of certain data during that time[2].

OrthoNebraska has taken steps to enhance employee information security training and implement additional safeguards to protect data going forward. They have also provided resources to help individuals protect their information and have set up a designated helpline for those impacted by the incident[8].

The breach at OrthoNebraska is part of a larger issue of healthcare data breaches in Nebraska, with OrthoWest, PC being one of several organizations affected by hacking/IT incidents[6]. The Welltok-related data breach reportedly affected 8.5 million people and included other Nebraska healthcare organizations[11].

For more information or to take action if you believe you have been affected by the OrthoNebraska data breach, it is recommended to follow the guidance provided in the breach notifications and to contact the designated helpline or Welltok for support[2][8].

Citations:

  1. https://www.turkestrauss.com/2022/07/01/orthonebraska-data-breach-investigation/
  2. https://orthonebraska.com/notice-data-breach/
  3. https://orthonebraska.com
  4. https://www.jdsupra.com/legalnews/orthonebraska-hospital-reports-leaked-2426111/
  5. https://omaha.com/news/nation-world/business/nebraska-orthopaedic-hospital-and-orthowest-join-under-rebranded-name-orthonebraska/article_9e0e8fc2-c498-52b9-ad9c-0954d23ddd35.html
  6. https://stacker.com/nebraska/biggest-health-care-data-breaches-you-should-know-about-nebraska
  7. https://www.idstrong.com/sentinel/orthopaedic-surgeon-group-breached-by-vendor-cyberattack/
  8. https://omaha.com/news/local/patient-information-compromised-in-orthonebraska-data-breach/article_d1ad86e0-f8b4-11ec-9782-a79782d42990.html
  9. https://orthonebraska.com/nebraska-hospital-orthowest-orthonebraska/
  10. https://www.idstrong.com/sentinel/health-organization-records-stolen-via-welltoks-moveit/
  11. https://journalstar.com/news/local/business/health-care/3-nebraska-health-care-organizations-affected-data-breach/article_f43b42ac-9943-11ee-b9e7-ebc88f2143a2.html
Breach Submission Date Jun 30, 2022
Converted Entity Name OrthoWest, PC
Converted Entity Type Healthcare Provider
State NE
Individuals Affected 1,369
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes