Prosthetic & Orthotic Care, with offices in Missouri and Illinois, announced that it experienced a data breach that has resulted in the disclosure of its patient information. The hacker exploited a previously unknown flaw in software purchased by P&O Care, and the thieves obtained patient medical records that include names, contact information, patient identification numbers, diagnostic codes, appointment dates, and last billing amounts. Some records also contain Social Security numbers, birth dates, medical insurance carriers, and identification information and photos of procedures.
According to a press release, the company learned of the possibility of an incident on July 10, and the Federal Bureau of Investigation began investigating the matter.
“P&O Care deeply regrets that this incident occurred and understands the importance of personal information security,” Jim Weber, P&O Care’s CEO, said. “We are working diligently to notify our patients of this risk, and in light of this attack, we are also working with a nationally recognized security firm to further enhance our security and guard our patients’ information.”
The following are among the steps the company is taking to respond to this breach and further improve the security of its patient records:
- Providing notice of the theft to those identified as potentially being at risk
- Advising patients about specific steps they can take to protect against identity theft; for example, patients are advised against providing or verifying any unsolicited requests to confirm any sensitive personal information
- Providing patients with a year of credit monitoring through AllClear ID at no expense to patients
- Operating a toll-free number dedicated to providing information to those affected by the attack
- Retaining a nationally recognized security firm to advise on measures to enhance security
- Adding additional measures to thwart future attacks
- Monitoring the system to detect any signs of an ongoing attack
P&O Care has also advised that affected individuals should take the following action to protect themselves from potential harm resulting from the breach:
- Immediately file a report with local police if you believe your identity has been stolen.
- Place an initial fraud alert on your credit reports, which can be done by contacting any one of the three credit reporting agencies; once you place an initial fraud alert with one of the three credit agencies, it will share that information with the other two.
- Review the Federal Trade Commission’s publication, “Taking Charge: What to Do if Your Identity Is Stolen,” which contains additional information, including step-by-step checklists to report and repair identity theft.
Those affected will be receiving a notification letter with a toll-free number they may call with further questions. In the meantime, potentially affected persons seeking additional information may e-mail [email protected].