St Clair Orthopaedics & Sports Medicine (SCOSM) in St. Clair Shores, Michigan, recently announced a data breach. SCOSM reported the breach to the HHS’ Office for Civil Rights on January 30, 2025, as impacting the protected health information (PHI) of 340,000 persons.
SCOSM discovered suspicious activity in its network on November 24, 2024. It investigated the incident with the help of third-party cybersecurity specialists to determine the nature and extent of the unauthorized system access. On December 9, 2024, SCOSM discovered that unauthorized persons had gained access to areas of its system that stored patient information. Once the investigation was finished on December 20, 2024, SCOSM conducted a detailed analysis to identify the patients impacted and the types of information involved.
SCOSM finished the file analysis on January 29, 2025, and mailed the breach notification letters to the impacted persons. The data compromised in the incident varied from one person to another and might have involved the following data elements: names, addresses, email addresses, telephone numbers, and birth dates, along with at least one of the following:
- Medical insurance data: insurance providers, health plans/policies, member/group ID numbers, and Medicaid-Medicare ID numbers
- Health data: medical record numbers, physicians, diagnoses, prescription drugs, test data, images, and care and treatment details
- Insurance claims, billing, and payment information: claim numbers, account numbers, balances, and billing codes
- Other personal information: driver’s license/state ID numbers, Social Security numbers, and other ID numbers
SCOSM stated that additional security procedures were implemented to prevent similar incidents in the future. HIPAA compliance should also be seriously considered to make sure that the same incident does not happen again.


