Florida Orthopaedic Institute reports breach affecting 640,000 individuals
Florida Orthopaedic Institute (FOI), a healthcare provider based in Tampa, reported a breach earlier this month following an April security incident.
The breach affected 640,000 individuals, according to the Office for Civil Rights (OCR) breach portal.
On April 9, FOI discovered a ransomware attack had encrypted data stored on its servers. FOI says it immediately took steps to restore impacted data, secure the environment, and initiate an internal investigation. Additionally, the company worked with a third-party forensic expert to help with the investigation. On May 6, the investigation concluded, revealing that personal information of patients may have been accessed during the security incident.
The information may have included names, dates of birth, social security numbers, and medical information related to the following:
- Appointment times
- Claims addresses
- Diagnosis codes
- FOI claims history
- Insurance plan identification numbers
- Payer identification numbers
- Payment amounts
- Physician locations
Notifications were sent to affected individuals, according to FOI. The organization is offering complimentary credit monitoring services to those affected, as well as providing guidance to patients about steps they can take to protect their personal information. FOI also noted that it has updated its internal procedures and added safeguards.
FOI is facing a class-action lawsuit, according to WFLA in Tampa. The law firm Morgan & Morgan filed the suit, alleging that FOI did not do enough to protect patients’ personal data and did not act fast enough when it discovered the breach.
The lawsuit seeks $99 million, according to WFLA.