Athens Orthopedic Clinic reports patient data breach
An attacker used third party credentials to access patient information.
The Athens Orthopedic Clinic (AOC) in Georgia is notifying patients of a data breach that compromised the personal information of current and former patients.
Names, addresses, social security numbers, dates of birth and telephone numbers, and in some cases diagnoses and partial medical history were affected, according to the clinic's website.
“At the end of June, we confirmed that a hacker had gained access to our electronic medical records system earlier in the month, using the log-in credentials of a third-party vendor,” Kayo Elliott, CEO of AOC, told the Athens Banner-Herald.
The third-party vendor has since been terminated and officials are working with federal authorities to investigate the breach. AOC has retained cybersecurity experts to investigate and to help secure company systems.
Patients are advised to contact one of the three major credit reporting agencies to create a fraud alert.