Lewisville, Texas-based DJO, LLC, an orthopedic device company, was alerted to a cyber-attack relating to a former independent distributor, All Pro Sports.
The attack potentially affected recipients of a DJO® product in the central Florida area. It is possible that their personal information was disclosed in the attack.
DJO, a subsidiary of Colfax Corporation, is a global medical device developer and distributor whose products and technologies “address the orthopedic continuum of care from performance and mobility to surgical intervention and post-operative rehabilitation.”
The attack occurred late this summer. According to its press release, DJO “became aware that an email account of an All Pro employee may have been compromised as a result of a malicious phishing email scheme.” During the attack, the exposed email account forwarded “malicious emails” to email addresses in the account.
DJO announced that the exposed information possibly included “name, address, email address, date of birth, physician name, product information, as well as other information related to the product prescription, and in limited circumstances, Medicare numbers.”
DJO took several steps to address the situation. DJO hired an information technology forensic investigation firm to examine the content of All Pro’s email account. In addition, DJO investigated the matter and was able to confirm that DJO’s email and internal systems were not exposed in the attack.
The number of data breach incidents has continued to rise. Healthcare data breaches of 500 or more records are reported to the Department of Health and Human Services. The Office for Civil Rights is currently investigating 34 Florida data breaches from the past 24 months.
Cyber-attacks cost hospitals and clinics. For OTW’s past coverage of data breach lawsuits see, “Banner Health Agrees to Pay $6 Million for Data Breach,” “Four Patients Sue DCH Health System After Ransomware Attack,” and “Victims Can Sue Ortho Clinics if Data Hacked.”
