Notice of a Data Incident
OAK Orthopedics (“OAK”) earlier this summer discovered a data incident that may have involved certain individuals' personal information. Importantly, OAK Orthopedics remained open and continued to treat OAK Orthopedics patients throughout this incident.
On July 4, 2024, OAK Orthopedics detected unauthorized access to certain computer systems on the OAK Orthopedics network. OAK Orthopedics immediately initiated an investigation, retained cybersecurity experts and notified law enforcement. Through its IT infrastructure, OAK Orthopedics took all steps to immediately secure its environment from any additional malicious activities in order to safeguard its systems. The investigation determined that an unauthorized third party accessed the OAK Orthopedics network between May 30, 2024, and July 4, 2024, and acquired certain files during this period. To date, OAK Orthopedics is not aware of any such data being misused.
Based on the results of its investigation, OAK Orthopedics reviewed the involved files to identify the individuals whose information may have been accessed or acquired without authorization during the incident. OAK Orthopedics determined that the involved files contained personal information for certain individuals, including, depending on the individual, their name, address, date of birth, Social Security number, tax identification number, driver’s license number, passport number, medical treatment or diagnosis information, and/or health insurance or claims information.
OAK Orthopedics sent written notifications to individuals whose personal information or protected health information may have been involved in the incident and for whom OAK Orthopedics has current contact information. Notified individuals should refer to their notification letter regarding steps to take to protect themselves. Although OAK Orthopedics has no evidence that any information has been misused as a result of this incident, as described in the notification letters, OAK Orthopedics has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were potentially involved in the incident.
As a precautionary measure, individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Notified individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Notified individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
OAK Orthopedics is committed to maintaining the privacy and security of the information entrusted to it and apologizes for any inconvenience this incident might cause. OAK Orthopedics has taken, and is taking, additional steps to help reduce the likelihood of a similar event from happening in the future, including enhancing its technical security measures. Individuals seeking additional information may call a confidential, toll-free inquiry line at 866-574-0969 from 8:00 a.m. – 8:00 p.m. Central, Monday through Friday, excluding major U.S. holidays.
Frequently Asked Questions
What happened?
On July 4, 2024, OAK Orthopedics detected unauthorized access to certain computer systems on the OAK Orthopedics network. OAK Orthopedics immediately initiated an investigation, retained cybersecurity experts and notified law enforcement. Through its IT infrastructure, OAK Orthopedics took all steps to immediately secure its environment from any additional malicious activities in order to safeguard its systems. The thorough investigation determined that an unauthorized third party was able to access portions of the OAK Orthopedics network and acquire certain files. To date, OAK Orthopedics not aware of any such data being misused.
OAK Orthopedics is now sending written notice to individuals whose personal information or protected health information may have been involved in the incident, and for whom OAK Orthopedics has current contact information. OAK Orthopedics is also notifying patients through the notice on its website. Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. Although OAK Orthopedics has no evidence that any information may have been misused as a result of this incident, it has arranged for complimentary identity theft protection services for those individuals whose personal information may have been involved in the incident.
Are you open? Can I still come to my appointment?
Yes. Patients have and continue to be able to receive care and proceed with scheduled appointments at all OAK Orthopedics facilities.
Is this a cyberattack?
After OAK Orthopedics detected unauthorized access to certain computer systems on its network, OAK Orthopedics immediately initiated an investigation, retained cybersecurity experts and notified law enforcement. Through its IT infrastructure, OAK Orthopedics took all steps to immediately secure its environment from any additional malicious activities in order to safeguard its systems.
Is my personal information/health data/payment or financial information at risk?
Based on the results of the thorough investigation, OAK Orthopedics reviewed the potentially affected systems to identify the individuals whose information may have been accessed or acquired without authorization during the incident. OAK Orthopedics is now sending written notice to individuals whose personal information or protected health information may have been involved in the incident, and for whom OAK Orthopedics has current contact information. OAK Orthopedics is also notifying patients through the notice on its website.
Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. Although OAK Orthopedics has no evidence that any information may have been misused as a result of this incident, it has arranged for complimentary identity theft protection services for those individuals whose personal information may have been involved in the incident.