Orthopaedic Healthcare Provider Hacked – 106,910 Affected

Date21 Dec 2021

Comment0

Southern Orthopaedic Associates, D/B/A Orthopaedic Institute of Western Kentucky, Suffers Data Breach

Southern Orthopaedic Associates, d/b/a Orthopaedic Institute of Western Kentucky (“Southern Orthopaedic” or “SOA”), recently filed a Data Breach Notification with the Office Of The Maine Attorney General.

SOA’s notification of the data event stated, among other things, that

[o]n or about July 8, 2021, SOA became aware of suspicious activity relating to an employee email account. SOA immediately launched an investigation to determine what may have happened. Working together with an outside computer forensics specialist, SOA determined that an unauthorized individual accessed several employee email accounts between June 24, 2021 and July 8, 2021. Because SOA was unable to determine which email messages in the accounts may have been viewed by the unauthorized actor, SOA reviewed the entire contents of the affected email accounts to identify what personal information was accessible to the unauthorized actor. This review was complete by October 21, 2021. After identifying the individuals who may have been impacted, [Southern Orthopaedic] worked to confirm current mailing addresses for the impacted individuals and prepare an accurate written notice of this incident.

The information that could have been subject to unauthorized access includes name, and Social Security Number. [Emphasis added.]

A copy of SOA’s notification of the data event can be viewed by clicking “Nature of the Data Event.”

Have You Been Impacted by A Data Breach?

If so, please complete the form on the right or contact Kehoe Law Firm, P.C., [email protected], for a free, no-obligation evaluation of potential legal claims.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.