Cyber Incident Victim: ACE Surgical Supply
Date: Jun 2021
Location: United States of America
Summary
ACE Surgical Supply experienced a cyberattack involving unauthorized system access, compromising medical and financial information of 12,122 individuals. The company responded by offering affected parties 24 months of credit monitoring services. Concurrently, other entities including Retinal Consultants Medical Group and Three Rivers Regional Commission reported similar breaches involving potential exposure of patient data such as personal identifiers and medical records, prompting investigations and enhanced security measures across the affected organizations.
Description
ACE Surgical Supply detected unauthorized access to its systems on June 29, 2021, marking the discovery of a cybersecurity incident that compromised sensitive information. The breach exposed protected health information and financial details belonging to 12,122 individuals, though the specific systems accessed and duration of unauthorized activity prior to detection were not disclosed in public reports. Compromised data elements included patient names, addresses, dates of birth, medical information, and financial records, though the company did not specify whether Social Security numbers or insurance details were involved. No evidence suggested ransomware deployment in this incident, distinguishing it from the contemporaneous attack on Three Rivers Regional Commission. The company initiated containment procedures upon discovery but did not publicly describe technical remediation steps or system restoration timelines.

Affected individuals received notifications detailing the exposure of their medical and financial data, though the notification date was not specified in available reports. ACE Surgical Supply offered complimentary credit monitoring and identity protection services for 24 months to impacted parties as mitigation against potential misuse of personal information. The organization engaged third-party cybersecurity experts to investigate the breach and strengthen its security posture, though specific enhancements such as multi-factor authentication or encryption implementations were not detailed publicly. No operational disruptions or service outages were reported in connection with the incident. The company did not disclose whether forensic investigations determined the attack vector or identified threat actors behind the compromise. Regulatory filings confirmed compliance with breach notification obligations under HIPAA and state laws.
