On March 25, the Bethesda, Md.-based Centers for Advanced Orthopaedics began notifying 125,291 patients, employees and dependents of a cyberattack that took place over a yearlong breach.
In a news release, the orthopedics center said that on Sept. 17, 2020, it identified unusual email activity and launched an investigation with assistance from cybersecurity experts. The investigation found that multiple employee email accounts were accessed by a cybercriminal between October 2019 and September 2020.
On Jan. 25, 2021, CAO concluded that protected health information was contained in the emails accessed by a cybercriminal. However, CAO said it's unsure if the information was accessed or acquired by the unauthorized party.
The information exposed in the email hacks may include Social Security numbers, financial account information, passport numbers and more. CAO said it is unaware of any misuse of this information.
In response, CAO is reviewing its policies and procedures, assessing its security infrastructure and implementing additional safeguards to prevent similar incidents from occurring in the future.