On March 25, 2025, Concord Orthopaedics (“COPA”) filed a notice of data breach with the Attorney General of New Hampshire after discovering a cybersecurity incident involving third-party software. In this notice, COPA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, driver’s license numbers, state identification numbers, and health insurance information. Upon completing its investigation, Concord Orthopaedics began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Concord Orthopaedics, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Concord Orthopaedics data breach. For more information, please see our recent piece on the topic here.
What Caused the Concord Orthopaedics Data Breach?
The Concord Orthopaedics data breach was only recently announced, and more information is expected in the near future. However, Concord Orthopaedics’ filing with the Attorney General of New Hampshire provides some important information on what led up to the breach. COPA also posted a website notice discussing the incident.
According to these sources, on November 21, 2024, Concord Orthopaedics was notified by a third-party software vendor that a program used by COPA may have been subject to unauthorized access. In response, COPA secured its own network, shut down any access the vendor’s software had to its network, and then launched an investigation with the help of cybersecurity experts.
Through this investigation, Concord Orthopaedics learned that an unauthorized party had been able to access the third party’s software product. However, there was no evidence that COPA’s systems were breached. Still, the unauthorized party had access to confidential patient information through the vendor’s software.
After learning that sensitive consumer data was accessible to an unauthorized party, Concord Orthopaedics reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, driver’s license number, state identification number, and health insurance information.
On March 25, 2025, Concord Orthopaedics sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Concord Orthopaedics
Concord Orthopaedics is a medical practice specializing in comprehensive orthopedic care, including surgical and non-surgical treatment of bones, joints, muscles, and related conditions. Headquartered in Concord, New Hampshire, the practice offers services in areas such as sports medicine, spine care, hand and wrist surgery, joint replacement, and physical therapy. With multiple locations across the region, Concord Orthopaedics provides patient-centered care using advanced techniques and personalized treatment plans. The organization employs approximately 237 people and generates an estimated $15 million in annual revenue.
