NOTICE OF DATA BREACH

Mendelson Kornblum Orthopedic and Spine Specialists (the “Practice”) understands that the privacy and security of health information is critically important and is committed to protecting it. This notice relates to a recent incident at the Practice that may have resulted in a compromise of certain patient health information.

On January 5, 2021, the Practice became aware that certain limited health information residing on one of its servers was and had been for an unknown period of time vulnerable to viewing by unauthorized third parties. The potentially viewable information included patient name, medical record number, date of birth, sex, and certain information regarding medical images, including the date and time the image was taken, the image number, and the name of the body part that was imaged. The potentially viewable information did NOT include any medical images themselves, other diagnosis or treatment information, health insurance information, Social Security numbers, credit or debit card numbers, or financial account information.

Upon becoming aware of the incident, the Practice immediately launched an investigation and took steps to address the incident and help mitigate any impact on its patients. The Practice identified and closed the vulnerability on the applicable server and reviewed and enhanced its existing security procedures to try to prevent similar incidents in the future. In addition, the Practice has notified the U.S. Department of Health and Human Services Office for Civil Rights of this incident.

Based on the findings of its investigation, the Practice has no evidence of any misuse of any patient health information. However, the Practice has advised potentially affected patients of the incident and to remain vigilant by regularly reviewing their account statements and credit reports and to immediately report to their financial institutions any suspicious activity involving one of their accounts.

The Practice apologizes for any inconvenience or concern that this incident may have caused to patients. The Practice takes the privacy and security of health information very seriously and will continue to take steps to help prevent a similar incident in the future. Any patient with questions or concerns may contact the Practice at 855-750-5757 or email our compliance team at compliance@synergyhealth.org.