Tennessee Orthopaedic Clinics
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Tennessee Orthopaedic Clinics (TOC) experienced a data breach in which an unauthorized party gained access to their computer network between March 20, 2023, and March 24, 2023. The breach resulted in the exposure of a variety of patient information, including names, contact information, dates of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information, and health insurance information[1][3][5][9].
TOC filed a notice of the breach with the U.S. Department of Health and Human Services Office for Civil Rights on May 19, 2023, and began sending out data breach notification letters to affected individuals[1]. The extent of the breach was initially reported to the HHS as affecting 500 individuals, a placeholder number often used until the full extent of a breach is known[9].
In response to the incident, TOC secured its computer systems and engaged third-party data security professionals to assist with the investigation[1]. They have also implemented additional safeguards and technical security measures to prevent similar breaches in the future[9].
A class action lawsuit has been filed against TOC, alleging that the clinic’s “outdated” and “negligent” cybersecurity practices led to the breach. The lawsuit claims that TOC failed to implement updated cybersecurity practices to protect patient data from unauthorized disclosure, leaving its network vulnerable to theft and misuse[3]. As of the date of the lawsuit filing, TOC had not yet sent out notices to all affected individuals, which is a violation of Tennessee law that requires companies to notify victims within 45 days of a breach[3].
Affected individuals are now at risk of fraud or identity theft due to the breach and have been advised to understand their legal options and how to protect themselves[1]. However, as of the filing of the complaint, TOC had not offered any form of credit monitoring services to the victims[3].
Citations:
- https://www.jdsupra.com/legalnews/tennessee-orthopaedic-clinics-notifies-4908917/
- https://hughston.com
- https://www.classaction.org/news/tennessee-orthopaedic-clinics-facing-class-action-over-march-2023-data-breach
- https://scottishriteforchildren.org
- https://www.databreaches.net/tennessee-orthopaedics-clinics-notifies-hhs-of-breach-has-yet-to-notify-patients/
- https://www.mayoclinic.org
- https://seculore.com/state/tennessee/05-26-2023-tn-tennessee-orthopaedic-clinics/
- https://www.covenanthealth.com
- https://www.healthcarefacilitiestoday.com/posts/details.aspx?id=28653
- https://www.resurgens.com
- https://www.tn.gov/content/tn/attorneygeneral/news/2024/1/24/pr24-08Memphis-Orthopedic-Clinic-Agrees-to-Pay-540%2C000.html?fbclid=IwAR3x90uT70yi0fQ5ZQBl4aDWWdxB9UDHci04X2gZdoj06YCazAT_cOb9YYc
- https://www.quidelortho.com
- https://topclassactions.com/lawsuit-settlements/closed-settlements/tennessee-orthopedic-alliance-phishing-attack-class-action-settlement/
- https://nyulangone.org
- https://www.hipaajournal.com/il-ky-tn-healthcare-cyberattacks/
- https://www.molinahealthcare.com