Northeast Orthopedics suffers data breach


New York healthcare provider Northeast Orthopedics and Sports Medicine has suffered a cyberattack, jeopardizing more than 177,000 people – many, if not all, of whom will have been patients.

Northeast Orthopedics, which has nine centers across the state, says it first detected the intrusion into its computer systems on November 22nd when it spotted “unusual activity.” By December 29th, just over a month later, it was able to confirm that “potential unauthorized access to certain data on our network” had taken place.

The healthcare provider issued a statement on its website on February 9th, making the declaration. However, the revelation appears to have gone largely unnoticed at the time.

The bulletin declared that data exposed “may have included information related to patients of Northeast Orthopedics, including name, Social Security number, driver's license information, payment information, date of birth, medical record information, health insurance information, and treatment and diagnosis information.”

A further notice issued to the attorney general’s office in Maine on March 5th further clarified the incident as having affected 177,276 people – although it is not clear if these were exclusively patients or also included staff members and third parties.

Maine imposes unusually strict reporting requirements on any organizations suffering cyberattacks affecting its residents, although in this case only 42 were among the victims.

Northeast Orthopedics says it has reached out to these and offered them free credit monitoring and identity protection services, which it claims includes up to $1 million in identity theft insurance.

It adds that so far it has seen no evidence so far that the stolen data has been fraudulently misused.

In its original statement, Northeast said it had hired a cybersecurity firm to re-secure its network, implement “additional precautions,” and review its data protection policies.

It added: “In general, we encourage individuals to remain vigilant against incidents of identity theft and fraud by reviewing credit reports/account statements and explanation of benefits forms for suspicious activity and to detect errors.”


More from Cybernews:

Tech companies hinder independent AI research, open letter says

ALPHV/BlackCat ransom gang fakes own takedown, fact or fiction?

Facebook and Instagram back online after major outage

AI urbanism: opportunities and challenges

Public trust in AI rapidly shrinking globally, America sees sharpest drop

Subscribe to our newsletter