Des Moines Orthopaedic Surgeons Waits Almost A Year Before Notifying Victims Of Data Breach Featured
Over 307k DMOS patients face a lifetime threat of identity theft after “vendor failure” at orthopaedic clinics.
What Happened?
The Des Moines Orthopaedic Surgeons data breach was only recently announced, and more information is expected in the near future. However, DMOS’s filing with the Attorney General of Texas provides some important information on what led up to the breach. Des Moines Orthopaedic Surgeons also posted a website notice discussing the incident.
On January 24, 2024, Des Moines Orthopaedic Surgeons, P.C. (“DMOS”) filed a notice of data breach with the Attorney General of Texas after discovering that an unauthorized actor was able to access the company’s computer network.
According to the breach notice, on February 17, 2023, DMOS experienced a data security incident when an unauthorized party was able to access the company’s computer network due to a vendor failure.
When DMOS learned of the incident, they engaged with external cybersecurity professionals and changed cybersecurity vendors supporting their network security.
On December 6, 2023, the DMOS investigation confirmed that the unauthorized party who gained access to its network was able to access certain files containing confidential patient information.
What Information Was Stolen?
Per the notice letter, patient data that was compromised includes:
- full names,
- Social Security numbers,
- dates of birth,
- driver’s license numbers,
- state identification numbers,
- passports,
- direct deposit bank information,
- medical information,
- health insurance information.
On January 24, 2024, nearly one year after the incident, Des Moines Orthopaedic Surgeons sent out data breach letters to anyone who was affected by the recent data security incident. These letters provide victims with a list of what information belonging to them was compromised.
What Is DMOS Doing To Protect My Identity?
Apart from changing cybersecurity vendors that support its network security, little else is known about remedial steps DMOS is taking to secure patient data.
According to the notification letters, DMOS is offering complimentary one year identity theft protection. Beyond that DMOS places the onus of protecting against future identity theft on those affected by the breach.
Doug Jacobson, director of Iowa State University’s Cybersecurity Innovation and Outreach, said this breach is one of the worst he’s seen, and said that the stolen data is “everything you’d want as a thief.”
What Can Identity Thieves Do With My Information?
Stolen personally identifiable information (PII) can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s healthcare industry and in so doing have forced millions of Americans to face the fallout from these attacks.
Leaked or stolen healthcare data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.
Because the breach happened nearly a year ago, those learning about the event for the first time have unknowingly had their data exposed for months. In that time, cyber-criminals could have used it in profiteering schemes, sold on the dark web, or weaponized in fraudulent plots. Victims still have time to launch safeguards to protect themselves and mitigate the consequences of the breach.
Protect Yourself. Join the Des Moines Orthopaedic Surgeons Data Breach Class Action.
If you received a data breach notification from Des Moines Orthopaedic Surgeons, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the data breach.
It is critical to begin to take the next steps after a data breach targets your personal data. You may contact a data privacy lawyer to learn about how to protect your accounts, and how to file a class action data breach lawsuit. By filing a claim, you can recover compensation and hold any negligent party accountable for their action or inaction. There is no cost to you.