Allentown, PA – November 23, 2021  –  OAA Orthopaedic Associates ("OAA") is announcing a recent event that may impact the security of information related to certain current or former OAA patients. Although OAA is unaware of any misuse of this information, OAA is providing potentially affected individuals with information about the incident, steps taken since discovering the incident, and what a potentially impacted individual can do to better protect against potential misuse of personal information as a result of this incident, should they feel it is appropriate to do so.

What Happened? On September 24, 2021, OAA became aware of suspicious activity related to certain internal computer systems and servers. OAA immediately took steps to secure their network, minimize any disruption to operations, and launched an investigation with the assistance of third-party forensic and cybersecurity specialists in the nature and scope of the event.  Through this investigation, OAA determined that an unauthorized actor placed malware within the OAA environment that disrupted operations of certain OAA systems.  The investigation further determined that the unauthorized actor may have accessed or acquired certain information contained in impacted OAA systems between September 17, 2021 and September 24, 2021. On or about October 25, 2021, the investigation determined that certain OAA patient information may be impacted as a result of this event.

What Information Was Affected? As a result, OAA began an in-depth manual review of the impacted files in order to confirm the presence of current or former patient information.  While OAA's investigation is ongoing, OAA is providing notice out of an abundance of caution because the investigation determined that the following types of information may be impacted for certain current or former patients: name, address, date of birth, diagnosis, medical/treatment history, prescription information, Medical Record Number, claims information, and/or health insurance information.  To date, OAA has not received any reports of actual or attempted misuse of your information.

What OAA is Doing. OAA takes this incident and the security of patient information within its care very seriously. In addition to the steps described above, as part of OAA's ongoing commitment to the privacy of information in its care, OAA is working to review existing policies and procedures, to provide additional training programs to employees, and are implementing additional safeguards to further secure the information in OAA systems. OAA is also notifying those individuals in which it has address information for directly, as well as state and federal regulators, as required.

For More Information.  If you believe you are potentially impacted by this incident or have additional questions, you may contact OAA by email at privacy@oaainstitute.com, online at www.oaaortho.com, or by mail at 250 Centronia Rd, Suite 303, Allentown, PA 18104.

What You Can Do. OAA sincerely regrets any inconvenience this incident may have caused potentially impacted current or former OAA patients.  OAA is providing notice of this incident along with information and steps a potentially impacted individual can do to better protect their information, should they feel it is appropriate to do so. OAA encourages all potentially impacted individuals to remain vigilant by reviewing account statements, monitoring free credit reports and Explanation of Benefits for suspicious activity, and to detect errors.  Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.

Consumers have the right to place an initial or extended "fraud alert" on a credit file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer's credit file.  Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a "credit freeze" on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer's express authorization.  The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report.  To request a security freeze, you will need to provide the following information:

1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
2. Social Security number;
3. Date of birth;
4. Addresses for the prior two to five years;
5. Proof of current address, such as a current utility bill or telephone bill;
6. A legible photocopy of a government-issued identification card (state driver's license or ID card, military identification, etc.); and
7. A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.

Should you wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:

Additional Information

You may further educate yourself regarding identity theft, fraud alerts, credit freezes, and the steps you can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or your state Attorney General.  The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.  The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.  You can obtain further information on how to file such a complaint by way of the contact information listed above.  You have the right to file a police report if you ever experience identity theft or fraud.  Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim.  Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General.  This notice has not been delayed by law enforcement.

Media Contact: Gregory Lederman
267-930-4637

/PRNewswire -- Nov. 23, 2021/

SOURCE OAA Orthopaedic Associates