Cyber Incident Victim: Florida Orthopedic Institute
Date: Jun 2020
Location: United States of America
Summary
A Florida-based orthopedic provider faced a class-action lawsuit following a data breach where hackers accessed personal information of potentially thousands of patients. The lawsuit, filed by Morgan & Morgan, alleged failure to adequately protect sensitive health data and sought at least $99 million in damages. The incident specifically impacted 731 Massachusetts residents, though the total number of affected individuals remained unclear as the breach had not yet appeared in federal health agency records at the time of reporting.
Description
In June 2020, Florida Orthopedic Institute (FOI), one of Florida's largest orthopedic providers, became the subject of a class-action lawsuit following a data breach involving unauthorized access to patient information. Attorney John Yanchunis of Morgan & Morgan filed the lawsuit in U.S. District Court on June 30, 2020, alleging the institute failed to adequately protect sensitive patient data. The complaint sought at least $99 million in damages on behalf of current and former patients whose protected health information was compromised by hackers. While the exact number of affected individuals remained unspecified in available reports, FOI disclosed that the breach impacted 731 Massachusetts residents in accordance with state notification requirements. The incident had not yet appeared on the U.S. Department of Health and Human Services' public breach portal at the time of reporting, leaving the total patient impact unverified through official federal records.

The breach exposed personal information including protected health data, though the specific data elements compromised were not detailed in public filings. Legal representatives argued that FOI's security measures were insufficient to prevent the intrusion, constituting negligence under health privacy regulations. Financial repercussions included the multi-million dollar damages claim covering potential identity theft remediation costs, credit monitoring expenses, and statutory penalties for affected patients. Organizational impacts involved reputational damage to the healthcare provider and operational disruptions from ongoing litigation. No details regarding breach discovery methods, containment procedures, or system remediation efforts were disclosed in available sources. The lawsuit marked a significant legal consequence emerging within weeks of the breach's public disclosure, showing that patients pursued legal recourse immediately despite incomplete governmental reporting of the incident's scope.
