Data breaches put sensitive consumer information in the hands of unknown third parties, who may use them to commit identity theft or for other criminal purposes. While it’s common for the victim of a data breach not to notice anything wrong with their accounts at first, it is essential that they still give the situation the seriousness it deserves, as data breaches can lead to significant financial losses.
In recent news, Southern Orthopaedic Associates announced a data breach involving sensitive information of more than 106,000 individuals. On December 20, 2021, the company sent data breach notifications to all affected parties, informing them that the event resulted in an unauthorized third party gaining access to their sensitive information, including their names and Social Security numbers.
Anyone in receipt of a Southern Orthopaedic Associates data breach letter has reason to be concerned. Too often, consumers disregard these letters because they have yet to see any signs of fraudulent activity. However, over the past two years, the rate of identity theft crimes has increased dramatically. In many of these cases, the information used to commit identity theft was obtained through a data breach. If you recently received a data breach letter from Southern Orthopaedic Associates, it is imperative that you protect yourself. You may also be eligible for financial compensation through a data breach lawsuit if evidence emerges that Southern Orthopaedic Associates mishandled your data leading up to the breach.
Is Southern Orthopaedic Associates Financially Responsible for the Data Breach?
When you entrusted Southern Orthopaedic Associates with your personal information, you hoped that the company would take your privacy seriously. And you certainly assumed that the company would take the necessary steps to prevent your private information from ending up in the hands of criminals, hackers or other bad actors. However, given the recently announced breach, it raises questions about the data-security measures Southern Orthopaedic Associates had in place at the time of the breach.
Companies like Southern Orthopaedic Associates have a legal obligation to protect consumers’ personal, identifying and financial information. While this requires companies to devote time and money to develop security measures, these are merely the costs of doing business in an environment where cyberattacks are rampant. If a business or organization fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. Of course, data breach laws are complex, and it is too early to tell if Southern Orthopaedic Associates was negligent in how it handled consumer data. However, our data breach law firm is currently investigating whether there is a possible class action data breach lawsuit against Southern Orthopaedic Associates. If you have questions about whether you can bring a Southern Orthopaedic Associates class action lawsuit, it is important you reach out to a data breach attorney as soon as possible.
What to Do if You Received a Data Breach Letter from Southern Orthopaedic Associates
If Southern Orthopaedic Associates sent you a data breach notification letter, it is important you take a moment and reflect upon what it means. Essentially, Southern Orthopaedic Associates is informing you that an unauthorized person—possibly a criminal—gained access to and may have accessed, viewed, and retained your information. While Southern Orthopaedic Associates cannot tell why the third party sought out your information, the situation justifies a certain level of precaution on your part. Below are a few ways to protect yourself from identity theft and the other possible financial risks that can step from a data breach:
- Carefully read the Southern Orthopaedic Associates data breach letter to determine what information of yours was accessible;
- Make a copy of the letter for your records;
- Enroll in the free credit monitoring service provided by Southern Orthopaedic Associates;
- Change all your passwords and security questions for any online accounts;
- Enable two-factor authentication, where it is available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that may be a sign of identity theft;
- Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About Southern Orthopaedic Associates
Southern Orthopaedic Associates is a physicians’ group of orthopaedic surgeons who practice in the southern states. The group consists of practicing surgeons in Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, Missouri, North Carolina, Oklahoma, South Carolina, Tennessee, Texas, Virginia, West Virginia, Puerto Rico and the District of Columbia. The organization’s stated mission is to foster art and science of medicine in the specialty of orthopaedic surgery by providing education materials and access to seminars for members. Southern Orthopaedic Associates also publishes the Journal of Surgical Orthopaedic Advances.
The Details of the Southern Orthopaedic Associates Consumer Data Breach
According to the most recent data breach letter, on July 7, 2021, Southern Orthopaedic Associates noticed unusual activity pertaining to an employee’s email account. The company enlisted the help of an outside computer forensics firm, which determined that an unauthorized party accessed several employee email accounts between June 24, 2021 and July 8, 2021.
While Southern Orthopaedic Associates has no knowledge of what emails and what information the unauthorized party accessed, the company reviewed all emails in the affected employees’ email accounts. In total, the reviewed emails contained the names and Social Security numbers of 106,910 individuals. On December 20, 2021, the company sent data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the data breach letter issued by Southern Orthopaedic Associates (the actual notice sent to consumers can be found here):
Southern Orthopaedic Associates d/b/a Orthopaedic Institute of Western Kentucky (“SOA”) is writing to notify you of an incident that may affect the security of some of your personal information. While we are unaware of any actual or attempted misuse of your information, we take this incident very seriously. This letter provides details of the incident and the resources available to you to help protect your information from possible misuse, should you feel it is appropriate to do so.
What Happened? On or about July 7, 2021, SOA became aware of suspicious activity relating to an employee email account. We immediately launched an investigation to determine what may have happened. Working together with an outside computer forensics specialist, we determined that an unauthorized individual accessed several employee email accounts between June 24, 2021 and July 8, 2021. Because we were unable to determine which email messages in the accounts may have been viewed by the unauthorized actor, we reviewed the entire contents of the affected email accounts to identify what personal information was accessible. This review was complete by October 21, 2021. Once we identified the individuals who may have been impacted, SOA worked to confirm current mailing addresses for the impacted individuals and prepare an accurate written notice of this incident.
What Information Was Involved? Although we cannot confirm whether your personal information was actually accessed, viewed, or acquired without permission, we are providing you this notification out of an abundance of caution, because such activity cannot be ruled out. The following types of your information were located in an email or attachment that may have been accessed or acquired by an unauthorized actor: your name and [Extra2].
What We Are Doing. Upon learning of this incident, we changed all employee email account passwords and took steps to secure the impacted accounts. We are currently implementing additional technical safeguards as well as training and education for employees to prevent similar future incidents.
What You Can Do. Although we are unaware of any fraudulent misuse of your information, we have arranged to have Experian provide complimentary credit monitoring to you for [Extra3] months as an added precaution. Please review the instructions contained in the enclosed “Steps You Can Take to Protect Your Information” to enroll in and receive these services. SOA will cover the cost of this service; however, you will need to enroll yourself in the credit monitoring service.
For More Information. We recognize that you may have questions not addressed in this letter. If you have additional questions, please contact our dedicated assistance line at (855) 414-6050, Monday through Friday, 8 am – 10 pm Central, or Saturday and Sunday, 10 am – 7 pm Central (excluding major U.S. holidays). You may also write to us at 200 Clint Hill Boulevard, Paducah, KY 42001.