DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MSK Group notifying patients of data security incident

Posted on July 10, 2018 by Dissent

MSK Group in Tennessee, and its divisions, OrthoMemphis, Memphis Orthopaedic Group, Tabor Orthopedics, and Crosstown Back & Pain Institute, are notifying patients of a data security incident that they discovered on May 7.

In a notification letter dated July 5 and signed by Kimble L. Jenkins, CEO, the orthopedic group offered those affected free services with ID Experts.  In a notice on their web site they explain:

On May 7, 2018, MSK Group, P.C. discovered that its computer networks experienced a security event that day. MSK Group hired expert information security consultants to investigate, mitigate and assess the extent of this event, and we are continuing to work closely with consultants to further strengthen our computer network.

Fortunately, after extensive investigation MSK Group does NOT believe any records containing personal information, were actually removed from its computer network. There was, however, unauthorized access to certain parts of the network at times over several months, and personal information (such as full name, address, telephone, fax, photograph, email address, date of birth, social security number, diagnostic image, driver’s license, insurance and medical record information) was stored on the network.

Therefore, in an abundance of caution, MSK Group is notifying individuals whose personal information was stored on the network (by letter at their last known address) and is offering these individuals one year of free identity theft protection services with MyIDCare™ from ID Experts®. These services include: 12 months of credit monitoring, a $1 million insurance reimbursement policy with no deductible from an A.M. Best “A- rated” carrier, and fully managed ID theft recovery services. With this protection, MyIDCare will help you resolve issues if your identity is compromised. A full description of the offered services may be found at https://ide.myidcare.com/mskprotect.

These letters should begin arriving on approximately July 9.

If you receive such a letter and wish to activate your identity protection services, please go to https://ide.myidcare.com/mskprotect and use the Enrollment Code provided in your patient notification letter. Please note that the deadline to enroll is 90 days from the date of this letter.

We also have included links below which provide more detailed information about this security event (FAQ) and Additional Steps you also may want to consider taking.

If you have misplaced your code, wish to confirm whether your records may be involved, have any questions, or just need more information, please call our toll-free number at 1-888-675-4771, Monday through Friday 7 a.m. to 7 p.m. CT. This toll-free number will be active until October 3, 2018.

MSK Group is fully committed to protecting the confidentiality of personal information. We sincerely regret this happened and apologize for any inconvenience or alarm this situation has caused.

FREQUENTLY ASKED QUESTIONS.pdf    <Click Here>

ADDITIONAL STEPS YOU MAY WANT TO TAKE 7.6.18.pdf    <Click Here>

The number of affected patients was not disclosed in any of their publicly available documents so far, and the incident does not appear on HHS’s public breach tool at the time of this posting.

Category: HackHealth DataU.S.

Post navigation

← MyEtherWallet Warns of [Another] Hack, Urges Hola Users to Move Funds
NZ: Investigation, apology after doctor loses confidential breast cancer patient files →

2 thoughts on “MSK Group notifying patients of data security incident”

  1. Barbara Knight says:
    July 16, 2018 at 6:44 pm

    I was questioning if this was legitimate, although I have been to an orthodox group mentioned in this breach, my 23 yr old grand daughter received same
    Letter , same day and she has never been to an ortho dr.??? We live at same adr. ?

    1. Dissent says:
      July 16, 2018 at 7:04 pm

      This is a legitimate breach disclosure that has been reported to many states and outlets by now.

      Did your granddaughter ever accompany you to an appointment or get listed on any of your paperwork as a contact or authorized individual for HIPAA purposes?

      But seriously: your best bet is to call them and put your question to them.

      Good luck.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.