Posted On July 9, 2022 Consumer Privacy & Data Breaches
July 8, 2022 – Recently, OrthoNebraska Hospital announced a data breach following an incident in which an unauthorized party gained access to an employee’s email account. As a result of the breach, sensitive patient information was compromised, including patients’ first and last names, genders, home addresses, phone numbers, dates of birth, driver’s license numbers, state identification card numbers, usernames and passwords, Social Security numbers, medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider names, medical account numbers and insurance information. OrthoNebraska has not yet filed an official notice of the breach. Thus, it is currently unknown how many patients were affected by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the OrthoNebraska data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from OrthoNebraska Hospital.
According to a notice posted on the company’s website, on around December 7, 2021, OrthoNebraska learned that spam messages were sent from what appeared to be a company email address. In response, OrthoNebraska secured the compromised email account, reset all company email account passwords, and enlisted the assistance of cybersecurity professionals to investigate the incident.
The company’s investigation confirmed that on December 1, 2021, “an unauthorized individual or individuals gained access to the email account and, as a result, likely obtained some information.” OrthoNebraska then engaged in a manual review of all compromised files to determine what, if any, patient data was affected. While the breached information varies depending on the individual, it may include your first and last name, gender, home address, phone number, date of birth, driver’s license number, state identification card number, usernames and passwords, Social Security number, medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number and insurance information.
Around the end of June 2022, OrthoNebraska Hospital posted notice of the breach on its website and began the process of sending out data breach letters to all patients who were affected by the breach.
OrthoNebraska Hospital is an orthopedic specialty hospital located in Omaha, Nebraska. The hospital provides a range of orthopedic services, including imaging, physical therapy, orthopedic urgent care, sports medicine, orthopedic surgery and virtual care. OrthoNebraska operates seven locations throughout Omaha, as well as clinics in Council Bluffs, IA, Fairfax, MO, Norfolk, NE and Papillion, NE. OrthoNebraska employs approximately 400 people.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the OrthoNebraska data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by OrthoNebraska Hospital (the actual notice sent to consumers can be found here):
On or about December 7, 2021, OrthoNebraska learned that spam messages were sent from what appeared to be an OrthoNebraska email account. At this time, OrthoNebraska’s internal and external security team moved quickly to secure the email account and perform an enterprise-wide password reset. Further, they engaged independent external experts to assist in determining the nature and scope of the incident.
At the conclusion of the investigation, OrthoNebraska determined that on December 1, 2021, an unauthorized individual or individuals gained access to the email account and, as a result, likely obtained some information. At that time, OrthoNebraska began a comprehensive review of the affected email account and determined that the impacted data contained protected personal and health information.
The protected health information involved may include demographic information (i.e., first and last name, gender, home address, phone number, and date of birth), driver’s license numbers, state identification card numbers, usernames and passwords, Social Security Numbers; clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar the medical file and/or record); and health insurance policy, and claim information). However, as of now, OrthoNebraska has no evidence indicating that any information has been used for identity theft or financial fraud. Additionally, there is no indication of access to any medical records contained in the medical records database.
OrthoNebraska is offering complimentary credit monitoring and identity theft protection services to individuals impacted or involved in the incident. If interested in signing up for the complimentary credit monitoring, individuals must do so within 90 days of receiving their notification letter from OrthoNebraska. If you believe you were impacted by this incident and wish to take advantage of these services, please contact the dedicated toll-free helpline (as stated below).
OrthoNebraska takes the responsibility to protect the security and privacy of the information in its care with the utmost seriousness. In response to this incident, OrthoNebraska is implementing additional safeguards to its existing information security infrastructure and enhancing its employee information security training. Further, OrthoNebraska is working with its external experts to improve its policies, procedures, and protocols to help minimize the likelihood of this type of incident occurring.
For individuals seeking more information or who have questions, OrthoNebraska established a dedicated toll-free helpline set up specifically for this purpose at 1-800-405-6108 from 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday (except holidays). Representatives are available for 90 days. In addition, individuals seeking to contact OrthoNebraska directly may write to OrthoNebraska at 2808 south 143rd Plaza, Omaha, Nebraska 68144.