Orthopedics This Week | February 14, 2017 - Page 4

ORTHOPEDICS THIS WEEK VOLUME 13 , ISSUE 5 | FEBRUARY 14 , 2017 4

Peachtree Orthopedics Massive Hack Affects 500,000 + Patients

BY JESSICA MEHTA

On September 22 , 2016 , Peachtree

Orthopedics in Atlanta , Georgia , announced their system had been hacked and up to 531,000 people were potentially vulnerable to identity theft . Most were patients . According to the notice posted on the Peachtree website in September by Peachtree CEO Mike Butler :
“ We regret to inform you that on September 22 , 2016 , we confirmed an unauthorized intrusion into our computer system . We took immediate action and are working closely with forensic experts and the FBI to investigate and address the situation . While our investigation is ongoing , we have found evidence indicating that information such as patient names , home addresses , email addresses , and dates of birth was potentially taken . In some cases , the patient ’ s treatment code , prescription records , or social security number may also have been taken .”
It ’ s unclear when the actual data breach happened — Peachtree ’ s official announcement simply states that September 22 was the “ announcement date .” Butler ’ s announcement also states that patients of Peachtree prior to July 2014 may be affected and that “ a small number ” of patients after that date may also be victims of the hack . As a consolation prize , Butler offers one year of free identity protection services to affected Peachtree patients . Butler ’ s announcement was also mailed to all potential victims , which totals over half a million at 531,000 . The offer of free
ID protection services includes credit monitoring to keep an eye out for signs of identity theft .
Flickr and David Whelan
Peachtree isn ’ t the first Atlanta-based orthopedics group to be targeted by hackers in 2016 . Athens Orthopedic Clinic , also in Atlanta , says they were hacked by TheDarkOverlord ( TDO ), a hacking group , around June 14 , 2016 . Athens didn ’ t notice the breach until June 27 , according to The Athens-Banner Herald . In the Athens hacking case , similar records were stolen as well as some diagnoses and medical records . Athens Orthopedic says hackers gained access by using “ third-party vendor credentials ” to log into the system . Hackers claimed they were a “ nationally-known health care information management contractor .” Athens Orthopedic estimates that the breach may have affected around 200,000 current and former patients .
TheDarkOverlord Strikes Again
TDO claimed responsibility for the Peachtree hack on October 13 , 2016 . The TDO press release revealed some Peachtree patient information , including a link to an “ internal document dump .” The dump tactic and patient information teaser is a hacking group strategy to pressure organizations into paying an extortion ransom . The October 13 TDO statement says , “ We went to Peachtree Orthopedics — like Athens Orthopedic — and proposed a solution to the dilemma . We have data that they don ’ t want us to have . With us both running a business , we hoped for a speedy
ryortho . com | 1-888-749-2153