Cyber Incident Victim: Midwest Orthopaedic Consultants
Date:
Dec 2022
Location:
United States of America
Summary
Midwest Orthopaedic Consultants in Illinois notified 6,818 individuals of a breach involving unauthorized network access where files were encrypted, prompting immediate restoration from backups. The investigation revealed acquisition of sensitive data including patient names, dates of birth, diagnosis and treatment details, addresses, Social Security numbers, driver’s license information, and health insurance data, with identity theft protection offered to affected individuals. The organization apologized for the incident and stated it was enhancing technical security measures to prevent recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Midwest Orthopaedic Consultants (MOC), an Illinois-based healthcare provider, experienced a cybersecurity incident in late September when an unauthorized party potentially gained access to its network and encrypted files. Upon discovering the intrusion, MOC promptly initiated an internal investigation to assess the nature and scope of the breach while simultaneously restoring affected files from backup systems to maintain operational continuity. The investigation later confirmed that the unauthorized actor had acquired certain documents stored within MOC's network during the incident timeframe. This discovery prompted further analysis to identify precisely which individuals and data types were compromised. MOC's response actions focused on containment through system restoration and initiating forensic processes to understand the breach's pathways without disrupting patient care operations.
The compromised documents contained sensitive patient information including full names, dates of birth, diagnosis and treatment details, physical addresses, Social Security numbers, driver's license numbers, and health insurance information. On December 22, MOC began notifying 6,818 affected individuals about the exposure of their personal data, specifying which data elements were involved in each case. For patients whose Social Security numbers or driver's license numbers were exposed, MOC offered complimentary identity theft protection services to mitigate potential financial or reputational harm. The organization publicly acknowledged its responsibility for safeguarding personal information and issued an apology for any inconvenience caused by the breach. In response to the incident, MOC announced concrete plans to strengthen its technical security infrastructure to prevent similar future occurrences, though specific enhancement details were not disclosed in public notifications. No evidence suggested impact to clinical care systems or unauthorized access to medical treatment records during the network intrusion.