DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Prosthetic & Orthotic Care patient info remains publicly exposed

Posted on August 26, 2016 by Dissent

First, a quick update on the Athens Orthopedic Clinic breach:

It took two requests, but I’m pleased to report that Pastebin removed three pastes with over 1,350 patients’ information. Those pastes were separate from an earlier paste with an additional 500 patients’ information. News outlets that continue to report that 500 patients’ information was exposed and put up for sale are, to be blunt, reporting inaccurately.  Every AOC patient’s’ data was up for sale on the dark web, and the hackers claimed to have sold some of it (a claim that this site has no way of confirming or disputing). In addition, almost 2,000 AOC patients had their information on an easily accessed public site (Pastebin) where anyone could view it and copy it. For those unfamiliar with these things, Pastebin is on the web, not the dark web.

Following publication of my article that their patient data was still exposed on Pastebin,  AOC did not contact this site to ask where the data could be found so that they could take steps to get it removed. Nor did they contact this site to say thank-you for this site’s efforts to get THEIR patients’ information out of public view. Just so you know.

But today, in going through my notes, I realized that there’s still another paste up on Pastebin from another victim of TheDarkOverlord. This paste has data that appears to be from 499 patients of Prosthetic & Orthotic Care. 

On July 9, I had reported on the P&O breach.  In my report, I noted that I had made several attempts to notify them and speak to them, but they had not responded constructively. I even noted:

As of yesterday, some of their patients’ data had been dumped on a public paste site, and then there were those pictures…

P&O Care never got back to me. And like Athens Orthopedic Clinic, P&O Care never even asked me for the urls of any paste I had discovered. Maybe if they had contacted me or asked, they could have had the paste removed. Instead, it has been online since July 9 and has been viewed 181 times. There are 499 records in that paste with names, addresses, telephone numbers, insurance information, treatment codes, Social Security numbers (embedded in Medicare numbers), and more. The extent of information varies across patients, but it’s enough to cause problems.

DataBreaches.net has today submitted a request to Pastebin seeking removal of this paste, but seriously, getting these pastes removed is the responsibility of the breached clinics – not this site.

Update Aug. 28: The data are still publicly available.

Update Aug. 30: The data are still publicly available and I’ve sent a second request to Pastebin to remove it. I had also notified the clinic the other day, but once again, they did not respond. The paste has now been viewed 186 times.

Update Aug. 31: And finally, it’s gone.

Category: Commentaries and AnalysesHealth DataOf NoteU.S.

Post navigation

← Director at Citizens in Ohio Resigns Over Email Server Dispute
Opera server breach incident →

3 thoughts on “Prosthetic & Orthotic Care patient info remains publicly exposed”

  1. Justin Shafer says:
    August 27, 2016 at 12:29 am

    Good work.

  2. Alina Mughal says:
    August 27, 2016 at 6:56 am

    Thanks God you give us some information about such patients

  3. looeeznga says:
    August 29, 2016 at 11:41 am

    I wasn’t an AOC patient or client of any kind, but on behalf of the thousands of patients they have left in the dark from the beginning, THANK YOU…Seriously. THANK YOU, Dissent, for turning on the light and using your own time in alerting the general public about the extensiveness of the breach, your own dedication in getting the pastes removed, and your own human decency in being honest about what these folks can do in protecting themselves from possible credit and ID tarnishing established not by their own hands in the near to distant future.

    We need more like you in this world. Thank you.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.