Notice of Security Incident
Notice of Data Security Incident
Tennessee Orthopaedic Alliance (“TOA”) is committed to protecting the security and privacy of the information we maintain. We recently completed our response to, and investigation of, a security incident that disrupted the operations of some of our IT systems. On July 14, 2023, we began mailing notification letters to patients whose information may have been involved.
We initially identified the incident when we experienced unusual activity on our systems, and we immediately took steps to secure our systems and launched an investigation with the assistance of a third-party forensic investigator. The investigation determined that an unauthorized party accessed some of our systems between March 20, 2023, and March 24, 2023, and may have accessed or removed certain files. Importantly, TOA’s electronic medical records system was not involved in the incident.
On July 5, 2023, we finished our review and analysis of the files that may have been involved in the incident, which determined that the files contained information for some TOA patients. The information varies per patient but could have included some or all of the following for the patients involved: names, contact information, dates of birth, patient account numbers, diagnosis and treatment information, provider names, facilities of treatment, dates of service, cost of services, prescription information, and/or health insurance information. For some patients, Social Security numbers may have also been contained in the files.
For patients whose information may have been involved in the incident, we recommend that they review the statements they receive from their healthcare providers and contact the relevant provider immediately if they see services they did not receive. In addition, patients whose Social Security numbers may have been involved are being offered complimentary credit monitoring services through Experian, and we encourage them to enroll in those services.
We take this incident very seriously and sincerely regret any concern this may cause. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems. A dedicated, toll-free call center has been established to answer questions about this incident, which can be reached at
(866) 373-9064, Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays.