Center for Orthopaedic Specialists notifies 85,000 patients of ransomware infection


Another indicator that a ransomware infection is seen as a HIPAA data breach and needs to be reported.

The Center for Orthopaedic Specialists (COS) in California has three locations in West Hills, Simi Valley and Westlake Village. COS has been notifying 85,000 current and former patients of a ransomware attack on their unnamed IT vendor in February.

Love their tagline, but it’s probably going to need to be changed after this. From their April 18 notice on their web site:

"The Center for Orthopaedic Specialists (COS) recently learned that our computer system was compromised by a security event that affected our three facilities in West Hills, Simi Valley and Westlake Village, Calif. Malicious software was used to gain access to and encrypt patient data in our system in the hopes of getting COS to pay money to restore access to the patient data.

To the best of our knowledge, no patient information was removed by any unauthorized party as a result of this event. However, out of an abundance of caution, we are notifying all patients whose information was stored on the compromised system. A notification letter was sent to all current and former patients of COS (or to their legal guardians or representatives as appropriate).

What Happened

A third-party technology vendor provides COS with information technology (IT) services. We recently received notice from the IT vendor that an unauthorized party had illegally accessed COS’s computer network. Working with the IT vendor, we immediately launched an investigation into the matter. The investigation determined that the unauthorized party began attempting to access our system beginning Feb. 18, 2018. The IT vendor indicated that the affected system was permanently taken offline before any patient information could be removed by the unauthorized party.

What Information May Have Been Involved

The patient data that was encrypted by the unauthorized party could have included a patient’s name, date of birth, details about their medical records, and Social Security number. To the best of our knowledge, no patient information was downloaded or removed by the unauthorized party.

What We Are Doing To Support Our Patients

We have notified federal law enforcement officials, who may choose to conduct a criminal investigation into the matter. We continue to work with our third-party technology vendor to address the issue, and as noted above, the affected system was taken offline permanently."


I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.

Let's stay safe out there.

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc


