Industry - Data Breach
Executive Summary
Western Orthopaedics P.C., a Denver-based orthopedic surgery practice, disclosed a data breach that exposed personal and health information of at least 409 patients after unauthorized access to its systems between September 17-25, 2025. The compromised data included Social Security numbers, financial account information, health insurance details, and medical billing information, with a ransomware group called PEAR claiming responsibility for the attack in October 2025. The practice is offerin...
What Happened
Western Orthopaedics P.C., a Denver-based orthopedic surgery practice, experienced unauthorized access to its systems between September 17-25, 2025, with at least 409 patients affected across Texas and Massachusetts. A ransomware group called PEAR claimed responsibility for the attack on October 4, 2025, and the practice completed its data analysis on March 3, 2026, before notifying affected individuals. The breach was disclosed publicly on May 5, 2026.
Who Is Affected
At least 409 patients of Western Orthopaedics are confirmed affected, including 363 Texas residents and 46 Massachusetts residents. The exposed information includes names, addresses, phone numbers, Social Security numbers, dates of birth, financial account numbers, credit or debit card numbers with security codes, health insurance information, medical provider names, dates of service, and medical billing information.
Why It Matters
This breach is significant because it combines financial data, Social Security numbers, and protected health information in a single incident, creating substantial risk for both identity theft and medical fraud. The six-month delay between the attack and the completion of the data analysis, plus the involvement of a named ransomware group, illustrates the extended vulnerabilities patients face when healthcare provider systems are compromised. Healthcare data breaches are particularly serious because medical records cannot be changed like financial account numbers.
What You Should Do
Affected individuals should immediately place fraud alerts or credit freezes with all three major credit bureaus (Equifax, Experian, and TransUnion) and request free credit reports to check for unauthorized accounts. Monitor all bank and credit card statements closely for fraudulent transactions and review health insurance Explanation of Benefits statements for medical services you did not receive. Enroll in the complimentary credit monitoring and identity protection services offered by Western Orthopaedics through Epiq, and remain vigilant against phishing attempts that reference this breach by name.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
- Vimeo data breach exposes personal information of 119,000 people
- Vimeo data breach exposes personal information of 119,000 people - BleepingComputer
- Western Orthopaedics Data Breach Exposes Patients' Personal and Health Information - Claim Depot
- DocketWise class action claims ‘utter failure’ to protect information led to data breach - Class Action Lawsuits
- Aroostook Mental Health Center reports data breach - WAGM
- Coupang swings to net loss in Q1 amid fallout from data breach - Yonhap News Agency
- Coupang swings to net loss in Q1 amid fallout from data breach - The Korea Herald
- Coupang turns to loss in Q1 amid backlash from data breach incident - 매일경제
- NYC Public Schools Lack Central Inventory to Track Vendors Used By Schools — NYS Auditor
- Data Breach Fallout Pushes Coupang Into Red as Demand Wavers - Koreabizwire
- Naver Gains Ground as Coupang Reels From Data Breach Fallout - Koreabizwire