Precision Orthopedics and Sports Medicine data breach

[swidup]

https://www.hipaajournal.com/healthcare-providers-ma-md-ks-data-breaches/

"On February 13, 2025, Precision Orthopedics and Sports Medicine in Maryland notified 1,903 current and former patients about a September security incident that exposed some of their protected health information. On September 12, 2024, unauthorized activity was identified in its email system. The account was immediately secured, and an investigation was launched to determine the cause of the activity.

The investigation confirmed that an unauthorized third party accessed certain employee email accounts between September 10, 2024, and September 12, 2024, as a result of responses to phishing emails. The review of the accounts confirmed on January 2, 2025, that protected health information was involved. The types of data varied from patient to patient and may have included names plus one or more of the following: date of birth, services received, date(s) of service, treating provider, medication information, diagnostic information, and treatment information.

Patients have been advised to be vigilant against any misuse of their information by monitoring their accounts and statements from their healthcare providers. Email security measures are being reviewed, and safeguards will be enhanced, as necessary, to prevent similar breaches in the future."