Athens Orthopedic Clinic recently experienced a data breach due to an external cyber-attack on our electronic medical records. The breach occurred when a hacker used the credentials of an outside contractor who performed certain services for the Clinic.
Personal information of our current and former patients has been breached, including names, addresses, social security numbers, dates of birth and telephone numbers, and in some cases diagnoses and partial medical history. No banking or payment information is stored at AOC, and none was a part of the breach.
If you were a patient of any Athens Orthopedic Clinic location or the patient of a doctor or provider who worked with any of our locations on or before June 14, 2016, we regret to tell you that our electronic medical records system has been compromised and that your personal information is vulnerable.
Click here to read about what you should do to protect yourself.
Please watch this video message from Kayo Elliott, CEO of Athens Orthopedic Clinic:
When we first learned on June 28 that there may have been a breach, we immediately hired cyber-security experts and notified the FBI. We did not make any public disclosure of the breach at that time so as not to interfere with their investigation or push the hacker into a mass public release of data. We confirmed several days later that, in fact, our electronic medical records had been hacked on June 14. It then took several weeks to confirm what data, and of which patients, was taken. We immediately began compiling a list of the patients whose data was taken so that we could mail notices to them as soon as possible.
As soon as we learned that the hacker publicly released some data, we immediately issued a press release, put statements on our website and Facebook page, and continued trying to get letters mailed.
To protect against such breaches in the future, Athens Orthopedic Clinic’s cyber-security experts have made recommendations for additional improvements to our system, and we’ve begun implementing these recommendations.
We apologize for the stress and worry this situation is causing our patients and their families. We are committed to keeping patient information safe and assure you we are doing everything possible to retain your trust in our practice.
You may want to read this letter to the editor the Athens Banner Herald published on August 7, written by Dr. Chip Ogburn, our trauma surgeon.
What You Should Do
If you are a current or past patient, we advise you to take the following steps for yourself and any family members who have visited our practice for medical care. That includes yourself if you are a parent or guardian to any children who are patients of our practice. Unfortunately, it is not legal or permissible for Athens Orthopedic Clinic to contact credit reporting agencies on your behalf.
1. Contact any one of the three major credit bureaus to place a fraud alert on your credit report. To understand what a fraud alert is, and for instructions on how to place one, go to this article from the FTC. The phone lines for the credit bureaus may be busy and you’ll need to call back.
If you would like to place your fraud alert online, use one of these links:
2. Order your credit reports. After you establish a fraud alert, you’ll receive a follow-up letter from the credit bureau explaining how to get a free copy of your credit report. We recommend you order credit reports, and examine them closely for signs of fraud. You can renew your fraud alert at the end of the 90-day period if you would like to do so.
3. If you do notice signs of fraud on your report, act as soon as you can. While we can’t recommend any service other than the official credit reporting agencies above, here are some links to additional sites that may help you understand other options to protect your information.
This letter to all of our patients has been mailed and should have been received by August 13. As a quicker option, we also informed our patients through the media, social media and website. Our primary goal remains patient care.
If you have a specific question, you can email AOCdatabreach@gmail.com. Though we may not be able to respond to all emails, all emails will be read.
This is an uncomfortable and unfortunate situation for all of us, and we greatly appreciate your understanding and patience.