Amherst, NY – On January 3, 2025, Excelsior Orthopaedics, LLP, informed the public about a data security incident that involved sensitive personal information from current and former patients and staff. "In an abundance of caution, we are offering free credit monitoring and identity theft protection services to affected individuals," said David Uba, CEO of Excelsior Orthopaedics.
"In an abundance of caution, we are offering free credit monitoring and identity theft protection services to affected individuals,"
The incident, which escalated when unusual activity was detected on June 23, 2024, prompted immediate action. After identifying the breach, Excelsior engaged a specialized cybersecurity firm to contain the intrusion and oversee a detailed forensic investigation. "This comprehensive analysis of the compromised data led us to identify affected individuals," Uba explained. The affected patients included those associated with Excelsior’s related entities, such as Buffalo Surgery Center and Northtowns Orthopaedics.
"This comprehensive analysis of the compromised data led us to identify affected individuals,"
In August 2024, as analysis efforts continued, Excelsior began notifying a small group of individuals about the breach, while formal reporting was made to the U.S. Department of Health and Human Services and the Office for Civil Rights. By December 2024, an additional wave of notifications was sent out as data mining efforts concluded, which reached a broader array of impacted individuals. "Efforts to identify affected individuals are ongoing, and any remaining affected individuals will be notified via first-class mail as they are identified," Uba added.
"Efforts to identify affected individuals are ongoing, and any remaining affected individuals will be notified via first-class mail as they are identified,"
By the Numbers
The breach has raised concerns over the types of information exposed. While Excelsior is still in the process of finalizing the details, confirmed compromised data includes demographic details, medical records, driver’s license and health insurance information, as well as financial data. In a limited number of cases, Social Security numbers may also have been affected. Some individuals may find specific details about the data compromised in the letters they receive from Excelsior.
Looking Ahead
Since the incident's detection, Excelsior has made it a priority to bolster its cybersecurity framework. "We are taking steps to enhance existing security measures and prevent similar events from occurring in the future," Uba stated. These measures involve deploying new security tools, redesigning critical systems and processes, and improving alerts to ensure swift responses to any future threats. Furthermore, the organization is committed to training and informing staff on cybersecurity risks—an initiative aimed at mitigating potential vulnerabilities.
"We are taking steps to enhance existing security measures and prevent similar events from occurring in the future,"
Excelsior's dedication to patient security extends to the provision of complimentary credit monitoring and identity theft protection for those affected by the breach. Notices have been distributed outlining how individuals can enroll in these protective services.
Affected individuals are advised to actively monitor their accounts and credit reports and remain vigilant against identity theft. Security experts recommend reaching out to financial institutions and credit bureaus to inform them of the breach. "Taking these recommended steps can help protect your interests," emphasized Uba, stressing the importance of proactive security practices.
"Taking these recommended steps can help protect your interests,"
For further questions or concerns, Excelsior has established a dedicated helpline. Individuals can reach out at 1-833-531-2298, available from Monday to Friday, during business hours.
Looking Ahead
In light of this incident, Excelsior Orthopaedics recognizes the inconvenience caused and continues to prioritize the privacy and security of all personal information they manage. The organization is steadfast in their commitment to prevent such events in the future and foster a secure healthcare environment for all stakeholders.
