Ventura Orthopedics recently became aware of the full extent of a data security breach that had occurred in July 2020. The data security breach was the result of a ransomware attack by outside hackers. Given our backup system, we were not put in a position of having to pay a ransom to the attackers in order to have our information decrypted. We undertook an immediate investigation through an outside consultant, which reported that the attackers had accessed health information of one patient. We notified the single patient in accordance with HIPAA and California requirements within the prescribed time period.
In September 2023, we learned that the data security breach had extended beyond the single patient. Further investigation has revealed that certain limited information of additional confirmed patients and former patients was accessed in 2020. Those files contained patient name, date of birth, and drug and laboratory testing results from 2016, 2017, and 2018. All information came from the files of a single physician and his physician assistant. None of the information originated in the electronic medical record system, which had not been breached.
We are notifying each patient whose information was breached in accordance with the requirements of HIPAA and California law. We will explain what we have done since 2020 to protect against breaches of this kind, advise what those affected can do to protect themselves from potential harm resulting from the breach, and provide contact information to ask questions and obtain additional information.