Tennessee Orthopaedic Clinics

Tennessee Orthopaedic Clinics (TOC) reports that after responding to a security problem, they discovered that some of their systems had been accessed by an unauthorised entity.

They do not specify malware or ransomware or whether a ransom or extortion demand was made, but the incident apparently caused some systems to become unresponsive.

PHI of some patients was reportedly accessed or obtained, according to TOC. The details varied depending on the patient and could have included names, contact information, dates of birth, information on the diagnosis and course of treatment, names of the providers, dates of services, costs of services, prescription information, and/or health insurance details.

TOC was apparently still figuring out who needed to be contacted because it hadn't yet begun notifying patients.

Source: https://www.databreaches.net/tennessee-orthopaedics-clinics-notifies-hhs-of-breach-has-yet-to-notify-patients/

TPRM report: https://scoringcyber.rankiteo.com/company/tennessee-orthopaedic-clinics

"id": "ten16225623",
"linkid": "tennessee-orthopaedic-clinics",
"type": "Breach",
"date": "05/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Tennessee',
                        'name': 'Tennessee Orthopaedic Clinics',
                        'type': 'Healthcare'}],
 'data_breach': {'personally_identifiable_information': ['names',
                                                         'contact information',
                                                         'dates of birth',
                                                         'information on the '
                                                         'diagnosis and course '
                                                         'of treatment',
                                                         'names of the '
                                                         'providers',
                                                         'dates of services',
                                                         'costs of services',
                                                         'prescription '
                                                         'information',
                                                         'health insurance '
                                                         'details'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'PHI'},
 'description': 'Tennessee Orthopaedic Clinics (TOC) reports that after '
                'responding to a security problem, they discovered that some '
                'of their systems had been accessed by an unauthorised entity. '
                'Some systems became unresponsive, and PHI of some patients '
                'was reportedly accessed or obtained.',
 'impact': {'data_compromised': ['names',
                                 'contact information',
                                 'dates of birth',
                                 'information on the diagnosis and course of '
                                 'treatment',
                                 'names of the providers',
                                 'dates of services',
                                 'costs of services',
                                 'prescription information',
                                 'health insurance details']},
 'investigation_status': 'Ongoing',
 'title': 'Unauthorized Access at Tennessee Orthopaedic Clinics',
 'type': 'Unauthorized Access'}