Southeastern Orthopaedic Specialists, PA

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Southeastern Orthopaedic Specialists, PA (SOS), a healthcare provider based in Greensboro, North Carolina, experienced a data breach that was first reported on December 19, 2023. An unauthorized party gained access to SOS’s computer network and accessed files containing confidential patient information. The compromised data included names, demographic information, and reasons for patients’ visits[1][3].

The breach was announced after SOS filed a notice with the Attorney General of Montana, and the company began sending out data breach notification letters to affected individuals on December 19, 2023. These letters were intended to inform victims about the breach and the specific information about them that was compromised[1].

SOS operates two offices in the Piedmont Triad area of North Carolina, staffed by 17 physicians and surgeons, and employs more than 131 people, generating approximately $20 million in annual revenue[1].

The NoEscape ransomware gang claimed responsibility for the attack, stating that they locked the network on October 25, 2023, and exfiltrated 3 GB of files. They also indicated that SOS had not responded to their demands, which led to a Distributed Denial of Service (DDoS) attack on SOS’s website[5].

Victims of the data breach have been advised to remain vigilant for signs of identity theft and to take steps to secure their personal information. Legal options, including the possibility of a class action lawsuit, are being explored by law firms for those affected by the breach[3].

It is important for individuals who received a data breach notification from SOS to understand the risks and to consider taking appropriate measures to protect themselves from potential fraud or identity theft as a result of the breach[1].

Citations:

  1. https://www.jdsupra.com/legalnews/southeastern-orthopaedic-specialists-3460338/
  2. https://www.nbcnews.com
  3. https://www.myinjuryattorney.com/southeastern-orthopaedic-specialists-data-breach-class-action-investigation-and-lawsuit-assistance/
  4. https://atriumhealth.org
  5. https://www.databreaches.net/noescape-gang-adds-two-more-medical-entities-to-their-leak-site/
  6. https://www.jointcommission.org
  7. https://www.beckersspine.com/orthopedic/58602-10-location-florida-orthopedic-practice-suffers-data-breach.html
  8. https://www.tricare.mil
  9. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  10. https://www.espn.com
  11. https://www.thelyonfirm.com/blog/carespring-ransomware-attack-investigation/
  12. https://www.businessinsider.com
  13. https://www.mass.gov/doc/assigned-data-breach-number-2024-074-southeastern-othopaedic-specialists-pc/download
  14. https://247sports.com/college/usc/
  15. https://www.beckersspine.com/orthopedic-spine-practices-improving-profits/58612-11-orthopedic-data-breaches-in-2023.html
  16. https://skillbridge.osd.mil/locations.htm
Breach Submission Date Dec 21, 2023
Converted Entity Name Southeastern Orthopaedic Specialists, PA
Converted Entity Type Healthcare Provider
State NC
Individuals Affected 35,533
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes