Pinnacle Notice Of Security Incident
Pinnacle Orthopaedics & Sports Medicine Specialists Notifies Individuals of Data Security Incident
MARIETTA, GEORGIA - June 21, 2024 - Pinnacle Orthopaedics & Sports Medicine Specialists LLC ("Pinnacle") determined on June 6, 2024 that a recent data security incident may have impacted information belonging to certain individuals, including former and current employees or patients.
On or about April 22, 2024, Pinnacle identified suspicious activity within our network, and promptly took steps to secure the environment and launched an investigation. With the support of cybersecurity experts, through that investigation, Pinnacle learned of information suggesting that an unknown actor gained unauthorized access to our network, and potentially acquired certain files, some of which may have contained personal information of our employees and patients. There was no evidence of any access to Pinnacle's electronic medical records ("EMR") system.
On or around April 29, 2024, we identified fewer than 10 individuals impacted. We have provided them with notice via U.S. mail. We are still undertaking a detailed review and analysis to identify potentially impacted individuals and their contact information for notification purposes. Pinnacle will provide written notification via U.S. mail to the impacted individuals as quickly as possible.
Since the data review and analysis process will take time, Pinnacle is informing individuals about this incident and encourages individuals to consider the following Steps You Can Take to Help Protect Personal Information in the interim. The potentially affected information will vary by individual, and could include name, date of birth, medical or health information, health care treatment or diagnostic information, health insurance information, or billing or payment information.
Pinnacle has implemented additional measures to enhance network security and minimize the risk of a similar incident occurring in the future. Pinnacle also notified the FBI and Department of Health and Human Services.
Pinnacle has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available if you call 855-611-2743 toll-free Monday through Friday from 8 am - 10 pm Central, or Saturday and Sunday from 10 am - 7 pm Central (excluding major U.S. holidays).
The privacy and protection of personal and protected health information is a top priority for Pinnacle, which deeply regrets any inconvenience or concern this incident may cause.
Steps You Can Take to Protect Your Personal Information
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).
Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three national credit reporting agencies:
Equifax P.O. Box 105851 Atlanta, GA 30348 1-800-525-6285 |
Experian P.O. Box 9532 Allen, TX 75013 1-888-397-3742 www.experian.com |
TransUnion P.O. Box 2000 Chester, PA 19016 1-800-916-8800 www.transunion.com |
Fraud Alert: You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com.
Security Freeze: You have the right to put a security freeze on your credit file for up to one year at no cost. This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.
IRS Identity Protection PIN: You can obtain an identity protection PIN (IP PIN) from the IRS that prevents someone else from filing a tax return using your Social Security number. The IP PIN is known only to you and the IRS and helps the IRS verify your identity when you file your electronic or paper tax return. You can learn more and obtain your IP PIN here: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state Attorney General about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state.
Federal Trade Commission 600 Pennsylvania Ave, NW Washington, DC 20580 consumer.ftc.gov, and www.ftc.gov/idtheft 1-877-438-4338 |
Maryland Attorney General 200 St. Paul Place Baltimore, MD 21202 marylandattorneygeneral.gov 1-888-743-0023 |
New York Attorney General Bureau of Internet and Technology Resources 28 Liberty Street New York, NY 10005 1-212-416-8433 |
North Carolina Attorney General 9001 Mail Service Center Raleigh, NC 27699 ncdoj.gov 1-877-566-7226 |
Rhode Island Attorney General 150 South Main Street Providence, RI 02903 http://www.riag.ri.gov 1-401-274-4400 |
Washington D.C. Attorney General 441 4th Street, NW Washington, DC 20001 oag.dc.gov 1-202-727-3400 |
You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include to know what is in your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information; as well as other rights. For more information about the FCRA, and your rights pursuant to the FCRA, please visit https://files.consumerfinance.gov/f/documents/bcfp_consumer-rights-summary_2018-09.pdf.