Columbia Orthopaedic Group: Columbia Orthopaedic Group Data Breach Lawsuit Investigation

Columbia Orthopaedic Group: Columbia Orthopaedic Group Data Breach Lawsuit Investigation

Columbia Orthopaedic Group Hit by LOCKBIT 5.0 Ransomware Attack, Exposing Sensitive Patient Data

Columbia Orthopaedic Group, a leading orthopedic medical practice based in Columbia, Missouri, disclosed a data breach on June 18, 2026, following a ransomware attack by the cybercriminal group LOCKBIT 5.0. The firm, established in 1965, specializes in sports medicine, joint replacements, spine care, and trauma treatment, serving patients across multiple specialty programs.

The attack was first claimed by LOCKBIT 5.0 on May 25, 2026, when the group announced on the dark web that it had exfiltrated sensitive data from Columbia Orthopaedic Group, threatening to publish the information within two weeks. While the exact types of compromised data remain unspecified, the breach may have exposed personally identifiable information (PII), medical records, or financial details.

The incident has prompted an investigation by Shamis & Gentile P.A., a class action law firm specializing in data breach cases, which is evaluating potential legal action for affected individuals. The breach was formally reported to the U.S. Department of Health and Human Services, though further details on the scope of exposure are pending.

Source: https://www.claimdepot.com/investigations/columbia-orthopaedic-group-data-breach-2026

Columbia Orthopaedic Group TPRM report: https://www.rankiteo.com/company/columbia-orthopaedic-group

"id": "col1783961108",
"linkid": "columbia-orthopaedic-group",
"type": "Ransomware",
"date": "7/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Columbia, Missouri, USA',
                        'name': 'Columbia Orthopaedic Group',
                        'type': 'Healthcare Provider'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Medical Records',
                                              'Financial Details']},
 'date_detected': '2026-05-25',
 'date_publicly_disclosed': '2026-06-18',
 'description': 'Columbia Orthopaedic Group, a leading orthopedic medical '
                'practice based in Columbia, Missouri, disclosed a data breach '
                'following a ransomware attack by the cybercriminal group '
                'LOCKBIT 5.0. The attack exposed sensitive patient data, '
                'including personally identifiable information (PII), medical '
                'records, or financial details.',
 'impact': {'data_compromised': 'Sensitive patient data, including PII, '
                                'medical records, or financial details',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'LOCKBIT 5.0'},
 'references': [{'date_accessed': '2026-05-25',
                 'source': 'Dark Web Announcement by LOCKBIT 5.0'},
                {'date_accessed': '2026-06-18',
                 'source': 'Columbia Orthopaedic Group Data Breach '
                           'Disclosure'}],
 'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
                                            'being evaluated by Shamis & '
                                            'Gentile P.A.',
                           'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'Reported to U.S. '
                                                       'Department of Health '
                                                       'and Human Services'},
 'response': {'third_party_assistance': 'Shamis & Gentile P.A.'},
 'threat_actor': 'LOCKBIT 5.0',
 'title': 'Columbia Orthopaedic Group Hit by LOCKBIT 5.0 Ransomware Attack',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.