Cyber Incident Victim: Atique Orthodontics, P.A.

On or around February 29, 2016, an unauthorized outside party gained access to a computer within the Atique Orthodontics, P.A. (AOPA) office network in San Antonio. This breach persisted until March 30, 2016, when the intrusion was discovered. The compromised computer provided potential access pathways to a server containing sensitive patient information, including full names, dates of birth, Social Security numbers, home addresses, telephone numbers, credit card details, and insurance information. AOPA investigators found no conclusive evidence indicating actual exfiltration or misuse of patient data during the month-long unauthorized access period. The practice specialized in orthodontic services, though the article did not specify whether minors or adults comprised the affected population.

AOPA terminated all remote access capabilities to office computers immediately upon detecting the breach. The organization implemented additional technical safeguards to prevent recurrence, though specific security controls were not detailed in public statements. Notification letters were dispatched via U.S. mail to all impacted individuals, accompanied by an offer for complimentary identity theft protection services through ID Experts®. This package included identity recovery assistance, 12 months of credit monitoring, and a $1,000,000 insurance policy, with enrollment available until July 18, 2016. The incident was reported to the Department of Health and Human Services in compliance with the HITECH Act, with a subsequent May 1, 2016 update confirming 1,506 affected patients. A dedicated call center and website facilitated patient inquiries through ID Experts®, operating during specified Pacific Time business hours. No lawsuits, regulatory penalties, or financial losses attributable to the breach were disclosed in the source material.