Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Excelsior Orthopaedics Data Breach Impacts 357,000 People

Excelsior Orthopaedics says the information of roughly 357,000 patients and employees was stolen in a June 2024 data breach.

Excelsior Orthopaedics is notifying approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024.

Operating several clinics in Amherst, New York, including the Buffalo Surgery Center and Northtowns Orthopaedics, Excelsior Orthopaedics is a healthcare company that specializes in orthopaedical treatment care.

In June 2024, Excelsior fell victim to a “data security incident” that was initially believed to have resulted in the information of current and former employees being compromised.

Following an initial wave of written notification letters to the potentially affected individuals sent in early August, the company sent a second wave of letters on December 31, after learning that the scope of the data breach was wider and that patient information was also compromised.

“Initial results of the forensic investigation indicated that the incident resulted in the compromise of data relating to current and former patients and employees of Excelsior and its related entities, including the Buffalo Surgery Center and Northtowns Orthopaedics,” the company said in a filing with the Maine Attorney General’s Office this week.

The potentially compromised data includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnosis information, treatment details, health insurance information, and biometric information.

The company told the Maine AGO that roughly 357,000 were impacted by the data breach and that it is providing them with twelve months of free credit monitoring and fraud assistance services.

Excelsior did not share information on the type of cyberattack it fell victim to, but its initial notification letter did reveal that it disconnected external access to the network and that efforts to restore the environment were ongoing at the end of July, suggesting a ransomware attack.

Advertisement. Scroll to continue reading.

Furthermore, the Monti ransomware gang added Excelsior to its Tor-based leak site in early July, claiming the theft of 300 gigabytes of data from the company. Monti has since made the allegedly stolen information publicly available.

Related: Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data Breach

Related: New York Fines Geico and Travelers $11 Million Over Data Breaches

Related: Financial Software Firm Finastra Investigating Data Breach

Related: UltraRank Group Stole Card Data From Hundreds of Sites Using JS Sniffers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.