Tennessee Orthopaedic Clinics is investigating a security breach that has caused disruption to some of its IT systems. The third-party forensic investigation determined that an unauthorized individual gained access to some of its IT systems between March 20, 2023, and March 24, 2023, and may have accessed or acquired files that contained patient information.
By May 2, 2023, it had been confirmed that patient data had been compromised, including names, contact information, dates of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information and/or health insurance information, but the extent to which patients have been affected has not yet been disclosed.
The incident has been reported to the HHS’ Office for Civil Rights as affecting 500 individuals – a common placeholder that is used until the full extent of a breach is known. Notification letters will be issued to affected individuals when the review of the affected files has been completed. Tennessee Orthopaedic Clinics said additional safeguards and technical security measures have been implemented to prevent similar security breaches in the future.