Florida Orthopaedic Institute Notifies Consumers of Data Security Incident

Florida Orthopaedic Institute (“FOI”) discovered a data security incident that may have involved the personal information of our patients. We sent notification directly to the potentially impacted individuals to notify them of this incident and provide resources to assist in protecting their personal information.

What Happened?

On or about April 9, 2020, we discovered a ransomware attack had encrypted data stored on our servers. We took immediate steps to restore impacted data, further secure our environment, and initiate an internal investigation into the issue. We also engaged a third-party forensic expert to assist us with the investigation. On May 6, 2020, the investigation revealed that the personal information of certain FOI patients may have been accessed or taken during the incident. While we are not aware of the misuse of any information impacted by this incident, we are providing this notice about the incident and providing information about steps individuals can take to protect their personal information.

What Information Was Involved?

Based on our investigation, personal information affected by this issue may have included names, dates of birth, Social Security numbers, medical information related to appointment times, physician locations, diagnosis codes, payment amounts, insurance plan identification numbers, payer identification numbers, claims addresses, and/or FOI claims history.

What Are We Doing?

As soon as we discovered the incident, we took the steps described above to address the issue. As a part of the notifications we sent directly to the affected individuals, we are offering complimentary credit monitoring services. In addition, we provided them with information about steps they can take to help protect their personal information. Finally, we have updated our internal procedures and have added additional safeguards to minimize the chance that an incident like this could occur in the future.

In order to ensure all potentially affected individuals have access to current and accurate information about this issue, we are posting this notice in addition to providing those individuals.

FOI has established a toll-free call center to answer questions about the incident and to help the affected persons enroll in the complimentary credit monitoring services. The call center is available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time and can be reached at 1-844-961-2414.

We deeply regret any concern or inconvenience this issue may have caused and is taking affirmative steps based on the findings of the investigation to prevent a similar event from occurring in the future, including working with leading cybersecurity experts to enhance the security of our digital environment.

Frequently Asked Questions:

Who is FOI? I don’t remember that name or I never went there.

FOI is a conglomerate of orthopaedic offices based in Tampa Bay, Florida.

Why wasn’t I notified sooner?

With any such event, it takes time to conduct an investigation, gather the relevant information, and identify the affected individuals, and make the appropriate decisions to line-up the assistance services that are being offered. In order to ensure we were able to not only specifically identify the potentially affected individuals, but also to provide them with a clear picture of the way this incident affects them, FOI ensured we undertook a diligent approach with the investigation.

What is FOI doing to prevent this kind of loss from happening again?

FOI implemented a more robust antivirus program, additional firewalls, reduced external access, and implemented additional auditing and tracking of external access. We also plan to take the findings of our investigation to enhance the security of our digital environment.

What are the risks of identity theft with the information that was exposed?

Receiving a letter does not mean that you are a victim of identity theft. We are recommending that people review their letter and the recommendations provided. At this time, there is no reason to believe that your information is at risk, as a result of this incident.

Is there anything I need to do to in response to the exposure of my personal information?

Please enroll for the services FOI is offering. In addition, you may also take advantage of your rights to the free fraud alert services offered by the three major credit bureaus. Placing fraud alerts will provide your credit with additional protection. In addition, doing so will give you access to copies of each of your credit reports at no cost to you.

Can my insurance ID be used fraudulently?

Generally speaking, most facilities require proof of insurance to process a claim or service. The risk is low. However, the monitoring services that are being offered to you will assist you if anything were to happen.