SUBSTITUTE (WEBSITE) NOTICE
The Centers for Advanced Orthopaedics (CAO) values our relationship with all our patients, our employees (and their dependents), and the communities we serve. This notification informs those individuals of a cyber event that may have affected their protected health information.
On September 11, 2021, CAO identified unusual activity on its computer system within its former Robinwood Division. After discovering the unusual activity, CAO immediately launched an investigation, with the assistance of cybersecurity experts, into the nature and scope of the incident. As part of this investigation, CAO determined that an unauthorized user had gained entry into Robinwood’s network on September 10, 2021 and accessed certain patient information. Following this discovery, CAO launched an extensive and thorough data mining effort to identify potentially affected individuals. Robinwood’s network was at all times kept separate from other CAO systems. We do not have any evidence that patients other than those who received services at Robinwood were affected.
WHAT INFORMATION WAS INVOLVED?
On February 10, 2022, CAO determined that an unauthorized user had gained entry into CAO’s health record system and accessed certain patient information. Please note the actual protected health information affected varies by individual and CAO cannot confirm whether this protected health information was actually accessed or acquired by the unauthorized user.
For most patients, this protected health information consist s of patient name, date of birth, patient ID number, driver license number, and medical history and condition. For a subset of patients, however, accessible protected health information also includes one or more of the following: social security number and financial account information.
WHAT CAO IS DOING.
CAO began mailing notification letters on April 12, 2022 to those whom CAO has determined were affected by the breach and for whom CAO had a valid mailing address. In addition, CAO is reviewing its policies and procedures, assessing its security infrastructure, and implementing additional safeguards to better protect against an incident like this from happening again in the future. CAO has also provided notice of this incident the U.S. Department of Health and Human Services, the consumer reporting agencies, and certain state regulators as required.
WHAT YOU CAN DO.
While CAO is unaware of any actual or attempted misuse of protected health information as a result of this incident, CAO nevertheless encourages individuals to review credit reports, health account statements, health insurance account records, and explanation of benefits forms for suspicious activity, and report all suspicious activity to the institution that issued the record immediately. CAO also encourages those individuals who were affected to enroll in the complimentary credit monitoring and identity restoration services being offered by CAO. Individuals can refer to their notification letter for enrollment instructions and additional recommendations.
FOR MORE INFORMATION.
CAO has established a dedicated toll-free call center to answer any questions you may have. For questions, please call (877) 776-1114 toll-free, Monday through Friday, between 8 am – 10 pm CST, and Saturday and Sunday, between 10 am – 7 pm CST. Be prepared to provide engagement number B046060 when you call.
If you did not receive a letter, but would like to know if you were impacted, please contact the call center.