DataBreaches.Net

Prosthetic & Orthotic Care confirms hack by TheDarkOverlord

Posted on July 29, 2016 by Dissent

Another one of TheDarkOverlord’s targets has issued a statement about the hack and theft of their patient information. DataBreaches.net had identified this entity and first reported on the hack on July 9.

Somewhat disturbingly, and as we have seen in other cases with the same parameters, Prosthetic & Orthotic Care (P&O Care) does not appear to be telling patients that their PII and PHI were actually dumped on Pastebin, and that the full database with all their information in plain text is up for sale on the dark web. I am still awaiting a response from HHS as to whether such information should be included to comply with the intention of HITECH that patients be given information relevant to their assessment of the risks they face.

ST. LOUIS, MISSOURI AND ILLINOIS, USA, July 29, 2016 — Prosthetic & Orthotic Care, Inc. is taking swift action to address a data breach by a malicious hacker that has resulted in the disclosure of its patient information. 

The office learned of the possibility of an incident on July 10, and the FBI began investigating the matter. Exploiting a previously-unknown flaw in software purchased by P&O Care, the thieves obtained patient medical records that include names, contact information, P&O Care patient ID numbers, diagnostic codes, appointment dates and last billing amounts. Some records also contain Social Security numbers, birth dates, medical insurance company, and identification information and photos of procedures.  

“P&O Care deeply regrets that this incident occurred and understands the importance of personal information security,” Jim Weber, P&O Care’s Chief Executive Officer, said. “We are working diligently to notify our patients of this risk, and in light of this attack, we are also working with a nationally recognized security firm to further enhance our security and guard our patients’ information.”  

The steps underway to respond to this breach and further improve the security of P&O Care’s patient records include: 

• Providing notice of the theft to those identified as potentially being at risk
• Advising patients on specific steps they can take to protect against identity theft; for example, patients are advised against providing or verifying any unsolicited requests to confirm any sensitive personal information
• Providing patients with a year of credit monitoring through AllClearID, a leading provider of identity theft protection services, at no expense to patients
• Operating a toll free number dedicated to providing information to those affected by the attack
• Retaining a nationally recognized security firm to advise on measures to enhance security
• Adding additional measures to thwart future attacks
• Monitoring the system to detect any signs of an ongoing attack

Additionally, actions individuals should take to protect themselves from potential harm resulting from the breach include:

• Immediately file a report with local police if you believe your identity has been stolen
• Place an Initial Fraud Alert on your accounts, which can be done by contacting any one of the three credit reporting agencies; once you place an initial fraud alert with one of the three credit agencies, it will share that information with the other two
• Review the FTC’s publication, “Taking Charge: What To Do If Your Identity Is Stolen,” which contains additional valuable information, including step-by-step checklists to report and repair identity theft – find the publication at https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf

Those affected will be receiving a notification letter with a toll free number they may call with further questions. In the meantime, potentially affected persons seeking additional information may email [email protected]. 

About Prosthetic and Orthotic Care, Inc. 
P&O Care is a team of health care professionals whose mission is to improve the quality of life of our patients by consistently providing patient-focused, value-driven solutions through the innovative design, fabrication and fitting of the highest quality custom prosthetic and orthotic devices. As an independently owned and operated prosthetic and orthotic company, the decisions that we make about the services we provide, the products we recommend, and your care management are truly patient-centered.

Dan Nelson
Armstrong Teasdale LLP
(314) 621-5070

Category: Hack, Health Data, Of Note, U.S.
