On April 1, 2024, Otolaryngology Associates, LLC (“OA”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that the company was the target of a cyberattack. In this notice, OA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, driver’s license numbers, medical record numbers, codes related to the services provided, dates of service, treating physician names, appointment locations, dollar amounts of charges and names of insurance companies. Upon completing its investigation, OA began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Otolaryngology Associates, LLC, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Otolaryngology Associates data breach. For more information, please see our recent piece on the topic here.

What Caused the Otolaryngology Associates Data Breach?

The Otolaryngology Associates data breach was only recently announced, and more information is expected in the near future. However, OA’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. OA also posted a website notice discussing the incident.

According to these sources, on February 17, 2024, OA learned that it had been the victim of a criminal cyberattack. Evidently, OA discovered the attack within a few hours of its inception. Subsequently, on February 20 and 21, 2024, the hackers informed OA that they had stolen data from OA’s system and threatened to publish the stolen data.

In response, OA secured its system and launched an investigation into the incident. OA also notified the FBI and began working with a cybersecurity forensics firm.

Ultimately, the OA investigation determined that, while the hackers did not view individual documents, they did run programs to exfiltrate certain data from OA systems.

After learning that sensitive consumer data was accessible to an unauthorized party, Otolaryngology Associates reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, medical record number, codes related to the services provided, dates of service, treating physician name, appointment location, dollar amount of charges and name of insurance company.

On April 1, 2024, Otolaryngology Associates filed its notice with the HHS-OCR. Typically, this is around the same time companies send out data breach letters to anyone who was affected by the recent data security incident, although the letters are sometimes sent out on different dates. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Otolaryngology Associates, LLC

Otolaryngology Associates, LLC is a healthcare services provider headquartered in Indianapolis, Indiana. OA is a specialty provider of Ear, Nose and Throat care with 13 locations throughout Indiana, including in Indianapolis, Greencastle, Greenfield, Kokomo, Noblesville, and Carmel. Otolaryngology Associates employs more than 125 people and generates approximately $15 million in annual revenue.