Comprehensive Orthopedic Surgery Specialists

Notice of Data Security Incident

Midwest Orthopaedic Consultants, S.C. (“MOC”) recently discovered an incident that involved the personal information or protected health information of some of its patients or other individuals associated with MOC. On September 29, 2022, MOC learned that an unauthorized third party may have gained access to its computer network and encrypted certain files. Upon discovering the incident, MOC promptly began an internal investigation, securely restored its files from backups, and notified law enforcement. MOC also engaged a forensic security firm to assist with its investigation.

The investigation determined that an unauthorized third party gained access to some of MOC’s computer systems between September 27, 2022, and September 29, 2022, and acquired certain MOC documents.
On November 4, 2022, MOC learned that the third party acquired certain documents containing health information from its network. MOC undertook a comprehensive review of the involved documents and, on November 21, 2022, determined that they contained certain individuals’ personal information or
protected health information. The type of information involved varied for each individual but may have included the following: name, address, date of birth, Social Security number, driver’s license number, medical treatment or diagnosis information, and/or health insurance information.

On December 22, 2022, MOC began mailing written notifications to individuals whose personal information or protected health information was involved in the incident and for whom MOC has contact information. Individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. As described in those letters, MOC has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers or driver’s license numbers were involved in the incident.

As a precaution measure, patients and other individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify
the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Individuals may also wish to review the tips provided by the
Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes, and steps to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Contact information for the three national credit reporting agencies is as follows:

Equifax
1-800-349-9960
www.equifax.com
P.O. Box 105788

Experian
1-888-397-3742
www.experian.com
P.O. Box 9554

TransUnion
1-800-888-4213
www.transunion.com
P.O. Box 2000

87298273.3
Atlanta, GA 30348 Allen, TX 75013 Chester, PA 19016

MOC takes its responsibility to safeguard personal information seriously and apologizes for any inconvenience this incident might cause. MOC is enhancing its technical security measures to help prevent an incident like this from happening again. Individuals seeking additional information may call a confidential, toll-free inquiry line at 855-918-3506 from 8 a.m. – 8 p.m. Central, Monday through Friday.