Piedmont Orthopedics

Piedmont Orthopedics, also known as Piedmont Orthopedics/OrthoAtlanta, is an orthopedic medical practice headquartered in Atlanta, United States. The practice focuses on the diagnosis, treatment, and surgical management of musculoskeletal conditions, serving patients with needs ranging from sports injuries to joint replacements and spine care. As a healthcare provider, it collects and maintains protected health information including personal identifiers, medical histories, diagnostic images, and insurance details for its patients. The organization operates within the broader orthopedic services sector, adhering to federal health privacy regulations such as HIPAA. Its clinical activities involve direct patient care, outpatient consultations, and procedural interventions performed in affiliated facilities.

On July 11, 2020, Piedmont Orthopedics/OrthoAtlanta suffered a ransomware attack carried out by the Pysa (also known as Mespinoza) threat group. The attackers exfiltrated approximately 3.5 gigabytes of data, which included detailed patient medical records such as names, dates of birth, contact information, diagnoses, surgical histories, laboratory results, cardiograms, and insurance documentation, alongside internal business files. The stolen data was subsequently released publicly, exposing a substantial volume of protected health information. At the time of the breach’s public reporting, the practice had not issued a formal disclosure or notification to affected individuals, and no response was provided to inquiries about the incident. This event highlighted the organization’s handling of sensitive health data and the cybersecurity risks faced by orthopedic providers.