On September 22, 2023, OrthoAlaska filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, OrthoAlaska explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, OrthoAlaska began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from OrthoAlaska, it is essential you understand what is at risk and what you can do about it. While OrthoAlaska doesn’t appear to have publicly released the leaked data types, it is still imperative that potentially affected parties prepare accordingly. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the OrthoAlaska data breach. For more information, please see our recent piece on the topic here.
What Caused the OrthoAlaska Breach?
The OrthoAlaska data breach was only recently announced, and more information is expected in the near future. And unfortunately, OrthoAlaska’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides little information on what led up to the breach. According to this source, we know that the incident involved a “Hacking/IT incident” of a network server, and, as a result, the personal information of 176203 individuals was compromised.
Of course, there are still many unanswered questions; for example, we don’t know whether this was an incident that occurred at OrthoAlaska or one of the company’s third-party vendors.
Regardless, after learning that sensitive consumer data was accessible to an unauthorized party, OrthoAlaska reviewed the compromised files to determine what information was leaked and which consumers were impacted. OrthoAlaska has not posted notice of the incident on its website, so it’s impossible to know what information was leaked. However, companies are only required to report breaches to the U.S. Department of Health and Human Services Office for Civil Rights if the breach affects the Protected Health Information of 500 or more people. Thus, some are suggesting that the OrthoAlaska breach likely involved health information.
On September 22, 2023, OrthoAlaska notified the U.S. Department of Health and Human Services Office for Civil Rights of the incident. Typically, this is around the time that companies begin sending out data breach letters to those who were affected by a breach. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About OrthoAlaska
OrthoAlaska is a healthcare provider based out of Anchorage, Alaska. OrthoAlaska provides orthopedic and rheumatology services to patients throughout Alaska, operating out of three offices in Anchorage, Eagle River, and Wasilla. OrthoAlaska is in-network with Aetna, Premera Blue Cross Blue Shield of Alaska, CIGNA, First Choice, MultiPlan, Moda and other insurers. OrthoAlaska employs more than 81 people and generates approximately $25 million in annual revenue.
