Peachtree Orthopaedic Clinic data breach impacted close to 35,000 patients

Atlanta-based healthcare provider Peachtree Orthopaedic Clinic said it suffered a significant data breach that has compromised the sensitive personal information of close to 35,000 patients.

In a data breach notice posted on its website, Peachtree Orthopaedic said that on the 20th of April, it identified unauthorised access to its internal network and Immediately launched an internal investigation with assistance from third-party cyber security experts to understand the nature and scope of the incident. The clinic also notified law enforcement agencies about the security incident.

Peachtree Orthopaedic’s internal investigation revealed that the threat actor, who infiltrated its network, was able to access the sensitive personal information of its patients. The compromised information included patients’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical treatment, diagnosis information, treatment cost, financial account information, and health insurance claims and provider information.

“Upon discovering this incident, we changed account passwords and implemented additional security measures to further protect information and reduce the risk of a similar incident occurring in the future,” the clinic said.

The healthcare provider informed the Office of the Attorney General of Maine via an official filing that at least 34,691 individuals were affected by the security incident.

The clinic has urged individuals to remain vigilant against incidents of identity theft and fraud by reviewing their credit reports and account statements and reporting any suspicious activity to relevant authorities and their financial institutions.

Peachtree Orthopaedic Clinic is also providing all affected patients a year of complimentary credit monitoring and identity protection services and has started notifying all affected individuals from the 17th of July about the data breach.

A notorious threat actor going by the name Karakurt has claimed responsibility for the cyber attack on Peachtree Orthopaedic Clinic and listed the healthcare provider as its latest victim on its data leak site.

According to DataBreaches, Karakurt’s listing of the healthcare provider contains the date “May 17 2023” along with “181 GB DATA” in red. The significance of the date is not very clear in the post. The threat actor has also claimed to be in possession of “many lines with SSNs, almost 1000 of credit cards, other detailed personal information, medical records and tons of corporate data.”

The threat actor has so far refrained from publishing the stolen data, but the possibility of the same cannot be ruled out.