Stolen PHI leads to data breach

December 27th, 2016 by admin Leave a reply »

Oak Cliff Orthopaedic Associates recently announced a data breach due to theft involving PHI records. Apparently, the records from the years 2006 to 2007 were affected. The Lewisville Police Department has now located the records and returned it to the facility.

Affected information included patients’ names, addresses, and office medical records. Facility mentioned that in some cases, Social Security number, credit card number, or banking information was involved.

According to the statement, the records went missing from an off-site storage. The police department later recovered the records and other stolen materials from a hotel room. Facility has removed all items out of this storage unit after the incident. It has also notified banks of potential fraudulent activity.

Oak Cliff begun an investigation. It hired legal team to determine the extent of the unauthorized access. Legal team mentioned that there is no evidence of data misuse.

Oak Cliff has sent letters to the affected individuals mentioning the details of the incident. It is offering one year of free identity protection and restoration services. Individuals are also advised to take steps to safeguard their information in the future. As per the OCR data breach reporting tool, incident affected 1,057 individuals.

According to the statement, “Oak Cliff Orthopaedic Associates understands the importance of safeguarding their patients’ personal information and takes that responsibility very seriously. The office regrets that this incident has occurred, and is committed to prevent future such occurrences “

Oak Cliff had asked individuals to call a dedicated assistance line for any additional information. Also, steps to better protect against identity theft is provided through a helpline.

For Identity Protection, Oak Cliff Orthopaedic Associates asks potentially impacted individuals to enroll in the complimentary identity protection and restoration services. Also, it asked impacted patients review their account statements for any suspicious activity.


Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Leave a Reply