March 9, 2023 – Bone & Joint Clinic, S.C. (“Bone & Joint”), an orthopedic and pain management clinical practice in Northcentral Wisconsin experienced a data security incident that may have involved personal and protected health information belonging to current and former employees as well as current and former patients. This notification provides information about the incident and resources available to assist potentially affected individuals.
What Happened. On January 16, 2023, Bone & Joint experienced a network disruption and immediately initiated an investigation of the matter and engaged cybersecurity experts to assist with the process.The investigation determined that certain administrative and medical files may have been acquired without authorization. After a thorough review of those files, on or about January 27, 2023, some personal information was identified as being contained within the potentially affected data.
What Information Was Involved. The information may have involved names, dates of birth, Social Security numbers, home addresses, phone numbers, health insurance information, and diagnosis and treatment information.
What Bone & Joint is Doing. As soon as Bone & Joint discovered the incident it took the steps described above. It also implemented measures to enhance network security and minimize the risk of a similar incident occurring in the future. Bone & Joint also notified the Federal Bureau of Investigation and will provide whatever cooperation may be necessary to hold the perpetrators accountable. Additionally, Bone & Joint notified all potentially affected individuals and offered them complementary identity protection services through IDX, including dark web monitoring, up to $1 million in identity fraud loss reimbursement insurance, fully managed identity theft recovery services, and access to a call center for 90 days. Additionally, Bone & Joint offered all individuals whose Social Security numbers may have been affected 12 months of complimentary credit monitoring services through IDX.
Bone & Joint recommends that individuals follow the recommendations contained within the notification letter and this notice to help protect their information. Bone & Joint has also established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday from 8:00 am to 8:00 pm Central Time and can be reached at 1- (833) 758-8873.
What You Can Do. Bone & Joint encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanations of benefits forms, to monitoring free credit reports for suspicious activity, and to detect errors. The privacy and security of all personal and protected health information is a top priority for Bone & Joint, and we deeply regret any inconvenience or concern this incident may cause.
What steps can I take to protect my personal information?
- Please notify your financial institution immediately if you detect any suspicious activity on any of your accounts, including unauthorized transactions or new accounts opened in your name that you do not recognize. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
- You can request a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed at the bottom of this page.
- You can take steps recommended by the Federal Trade Commission to protect yourself from identify theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.
How do I obtain a copy of my credit report?
You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three agencies:
How do I put a fraud alert on my account?
You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com.
How do I put a security freeze on my credit reports?
You have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, or regular stamped mail, or online by following the instructions found at the websites listed below. You will need to provide the following information when requesting a security freeze (note that if you are making a request for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; and (4) address. You may also be asked to provide other personal information such as your email address, a copy of a government-issued identification card, and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. There is no charge to place, lift, or remove a freeze.
What should I do if my family member’s information may have been involved in the incident and is deceased?
You may choose to notify the three major credit bureaus, Equifax, Experian and TransUnion, and request they flag the deceased credit file. This will prevent the credit file information from being used to open credit. To make this request, mail a copy of your family member’s death certificate to each company at the addresses below.
What should I do if my minor child’s information may have been involved in the incident?
You can request that each of the three national credit reporting agencies perform a manual search for a minor’s Social Security number to determine if there is an associated credit report. Copies of identifying information for the minor and parent/guardian may be required, including birth or adoption certificate, Social Security card and government issued identification card. If a credit report exists, you should request a copy of the report and immediately report any fraudulent accounts to the credit reporting agency. You can also report any misuse of a minor’s information to the FTC at https://www.identitytheft.gov/. For more information about Child Identity Theft and instructions for requesting a manual Social Security number search, visit the FTC website: https://www.consumer.ftc.gov/articles/0040-child-identity-theft. Contact information for the three national credit reporting agencies may be found above.