On August 6, 2024, Atlantic Orthopaedic Specialists, also known as Vann Virginia Center for Orthopaedics, discovered unauthorized access to one of its corporate email accounts.
What happened
An immediate investigation occurred with the help of cybersecurity experts to assess the breach’s scope. The investigation revealed that an unauthorized third party accessed and possibly removed files from email accounts between June 20 and August 6, 2024. These files contained sensitive information including names and Social Security numbers.
On October 28, 2024, after a detailed forensic review, Atlantic Orthopaedic confirmed the potential exposure of protected health information (PHI). Although there was no evidence of misuse, the organization began notifying affected individuals on November 22, 2024.
Why it matters
The data breach was an email account compromise. Unauthorized access to one corporate email account allowed third parties to view and remove files. This type of breach is often linked to phishing attacks and weak security protocols.
As email counts contain a record of all the company's activities, this breach leaves patients and Atlantic Orthopaedic vulnerable for years to the threat of blackmail or fraud.
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
What is a data breach?
It happens when unauthorized people gain access to information through hacking, accidental leaks, or weak security systems.
Why is encryption necessary?
It scrambles information into a code so that only authorized people can read it.
What is PHI?
Protected health information is any health-related information that could be used to identify someone.
Kirsten Peremore
