Medical device maker Exactech breached

Exactech, a global medical device company specializing in implants and surgical instruments has admitted to suffering a data breach that may have exposed people’s personal information.

According to the statement, Exactech identified unusual activity on its computer network in April 2023. The investigation revealed that “certain files” were likely downloaded from the systems without authorization between April 4th and 20th.

“The review determined what records may have been affected for individuals in the United States. Exactech then began working to determine contact information for potentially affected individuals and has mailed written notice of this incident to those for whom it has contact information,” the company added.

The stolen data may include names, Social Security and other government-issued identification numbers, financial account and credit/debit card information, health insurance and medical data, usernames, emails and passwords, and other personal details. The data exposed varies by individual.

The statement did not specify the number of victims, but a data breach notification filed with the Office of the Maine Attorney General indicated that 4,230 persons were affected.

“Exactech notified federal law enforcement and is notifying relevant regulatory authorities as required. At this time, this investigation has found no evidence that any personal information has been misused beyond the initial unauthorized download,” the company said.

Exactech is urging those affected to remain vigilant to potential identity theft and fraud incidents. This involves reviewing account statements and taking advantage of free credit reports for suspicious activity or errors.