Western Orthopaedics, P.C. disclosed a data breach affecting more than 100,000 individuals after an unauthorized party gained access to parts of its network environment.
What happened
According to filings submitted to federal and state regulators, investigators later traced suspicious activity to a period between approximately September 17 and September 25, 2025. An internal investigation supported by external cybersecurity specialists found that an unauthorized actor had accessed files containing sensitive patient and employee information.
The organization said it identified the incident on October 2, 2025, then launched containment and remediation efforts while reviewing impacted systems and documents. Regulatory filings show the breach affected 113,330 individuals and involved a hacking or IT-related incident tied to a network server. Western Orthopaedics later began notifying affected people and offering credit monitoring and identity protection services. Law enforcement was also notified as part of the response.
What was said
According to the notice of a data breach, “As part of our investigation and response, we conducted an analysis to determine whether personal information, including protected health information, was present in the affected data. That analysis concluded on March 3, 2026 at which time we determined that some of your information may have been involved in this incident.”
Why it matters
Unauthorized network access can turn one intrusion into a large-scale healthcare privacy incident. Ronquillo, Erik Winterholler, Cwikla, Szymanski, and Levy found, “Despite making up less than 25% of all breaches, hacking was responsible for nearly 85% of all affected patient records over the last 5 years.” A single network compromise can therefore reach far beyond one mailbox, endpoint, or user account, especially when attackers can view or remove files across connected systems.
The Kettering Health incident shows the same risk in practice. In 2026, Becker’s reported on patient notifications after an unauthorized party accessed parts of Kettering Health’s network and viewed or took files and folders during a ransomware-related incident. Unauthorized network access can quickly become a patient privacy issue, an operational disruption, and a HIPAA response problem.
See also: HIPAA Compliant Email: The Definitive Guide (2026 Update)
FAQs
What is lateral movement?
Lateral movement means an attacker moves from one compromised system or account to another inside a network.
What is privileged access?
Privileged access gives users higher-level control over systems, applications, or data. Admin accounts, service accounts, and IT management tools often carry privileged access.
Why are privileged accounts high risk?
Privileged accounts can open sensitive systems, change settings, create new accounts, disable safeguards, or reach large volumes of data.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Mara Ellis
