On May 19, 2023, Tennessee Orthopaedic Clinics (“TOC”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after determining that an unauthorized party was able to access confidential patient data stored on the company’s computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to patients’ names, contact information, dates of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information, and health insurance information. After confirming that consumer data was leaked, TOC began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Tennessee Orthopaedic Clinics, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, healthcare data breaches pose significant risks to victims due to the broad range of highly sensitive data providers maintain on behalf of patients. A data breach lawyer can help you understand how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Tennessee Orthopaedic Clinics data breach.
What We Know So Far About the Tennessee Orthopaedic Clinics Breach
News of the Tennessee Orthopaedic Clinics data breach is still fresh; however, what we know at this point comes from the company’s filing with the HHS-OCR, as well as a “Notice of Security Incident” posted on its website. According to these sources, TOC recently detected suspicious activity within portions of its computer network. In response, Tennessee Orthopaedic Clinics took the necessary steps to secure its computer system and then enlisted the help of third-party data security professionals to assist with the company’s investigation.
The TOC investigation confirmed that an unauthorized party was able to access parts of its computer network between March 20, 2023 and March 24, 2023. TOC was also able to determine that some of the files that were accessible to the unauthorized party contained confidential patient information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Tennessee Orthopaedic Clinics began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, contact information, date of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information, and health insurance information.
On May 19, 2023, Tennessee Orthopaedic Clinics sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Tennessee Orthopaedic Clinics
Tennessee Orthopaedic Clinics is a specialized healthcare provider based in Knoxville, Tennessee. TOC provides a broad range of orthopedic services, including back and spine surgery, arthroscopic surgery, knee surgery, wrist surgery and more. The company operates nine facilities throughout Tennessee, including in Louisville, Knoxville, Oak Ridge, Sevierville, and Lenoir City. Several of the company’s locations provide same-day appointments. Tennessee Orthopaedic Clinics employs more than 331 people and generates approximately $14 million in annual revenue.