Cyber Incident Victim: Fondren Orthopedic Group

On November 21, 2019, Fondren Orthopedic Group in Texas experienced a malware attack impacting patient records associated with Dr. K. Matthew Warnock’s practice. The malware corrupted and permanently destroyed a subset of patient records, rendering them irrecoverable. Forensic investigation revealed no evidence that attackers accessed, copied, or exfiltrated any patient data beyond the records destroyed by the malware. The organization subsequently reported the incident to the U.S. Department of Health and Human Services (HHS), disclosing that 30,049 patients required notification due to the incident. While the notice did not explicitly confirm whether all notified patients had records destroyed or whether the figure represented a broader affected population, it emphasized the irreversible damage to specific medical records. The attack’s impact was confined to data corruption and destruction, with no indication of unauthorized data acquisition or theft.

Fondren Orthopedic Group initiated patient notifications following its internal review and HHS reporting, though the notification timeline relative to the November 21 incident date remains unspecified in available sources. The organization’s public notice did not address whether backups existed to restore the destroyed records or detail any operational recovery measures undertaken. DataBreaches.net attempted to contact Fondren Orthopedic Group via their website’s contact form but encountered a technical barrier—a non-functional captcha requirement that prevented message submission. The permanent loss of patient records raised concerns about the availability and integrity of critical healthcare data for affected individuals, potentially impacting continuity of care or medical history accessibility. No additional technical specifics regarding the malware variant, attack vector, or containment procedures were disclosed in the publicly available notice or subsequent reporting.