Lancaster Orthopedic Group reports data breach exposing more than 500 patients' data

Lancaster Orthopedic Group (LOG) is conducting an investigation into a security breach that has potentially exposed the personal and medical information of between 500 and 2,000 patients.

The compromised data includes sensitive details such as

• name,
• address,
• date of birth,
• Social Security numbers,
• treatment information,
• insurance data.

As of July 20, there have been no reports of patients' information being specifically misused, and no instances of identity theft have been reported.

No details are available as to the nature of the attack.

LOG detected and halted the network security incident on March 29, and it was subsequently reported to authorities on May 26 as per the U.S. Department of Health and Human Services' requirement to notify individuals and media within 60 days of a breach affecting more than 500 people.

LOG has taken immediate action to secure its network environment once the incident was discovered. They launched an extensive investigation with the assistance of independent IT security and forensic specialists to determine the appropriate actions to be taken.