Last year, the American Osteopathic Association informed more than 27,000 people that their sensitive personal, identifying and financial information has been compromised in a data breach resulting from a system breach. In June 2020, the American Osteopathic Association learned that an unauthorized third party had accessed and deleted several files from the Association’s servers. These files contained sensitive consumer information, including full names, social security numbers and financial account information of the parties concerned.
A data breach occurs when an unauthorized party (often a hacker or criminal) surreptitiously gains access to sensitive consumer information that is in the possession of a business or other organization. Often, these malicious actors specifically target organizations that rely on inadequate data security measures. Hackers typically use the information they obtain in a cyberattack to commit identity theft themselves or sell the data on the black market. Although victims of a data breach may not immediately notice suspicious activity on their accounts, it is essential that they take the necessary steps to protect themselves against identity theft and other potentially significant financial losses.
Anyone receiving a data breach letter from the American Osteopathic Association should proceed with caution. Since the start of the COVID-19 pandemic, cases of identity theft have increased dramatically. In many of these cases, the party responsible for the identity theft obtained the information needed to commit their crimes through a data breach.
If you have recently received a data breach letter from the American Osteopathic Association, it is essential that you remain vigilant. Additionally, if the American Osteopathic Association is found to have mishandled your data or been negligent in the way the Association has handled your information, you may be entitled to financial compensation through a data breach lawsuit.
Is the American Osteopathic Association financially responsible for the recent data breach?
When you entrusted your information to the American Osteopathic Association, you hoped that the organization would take your privacy seriously. Surely you assumed that they would take all necessary measures to prevent your information from ending up in the hands of a potential criminal. However, this data breach raises serious questions about the Association’s data security measures.
Organizations such as the American Osteopathic Association have an ethical and legal duty to protect the personal, identifying, financial and health information of consumers. Although developing a robust data privacy system requires companies to spend significant resources, it is only a cost of doing business in an environment where cyberattacks are common. If an organization fails to protect sensitive consumer information, it can be held liable through a data breach class action lawsuit. Of course, the laws surrounding liability for data breaches are complex, and there’s no evidence yet that the American Osteopathic Association was negligent in the way it handled consumer data. However, our data breach law firm is actively investigating the breach to determine what legal remedies the affected parties may have against the American Osteopathic Association.
If you have any questions about your ability to bring a class action lawsuit against the American Osteopathic Association, it is important that you contact a data breach attorney as soon as possible.
What to do if the American Osteopathic Association has sent you a data breach notification
If you recently received a data breach notification from the American Osteopathic Association, an unauthorized person may have accessed, viewed, and retained your sensitive personal information. Although no one can know why someone sought your information and what they intend to do with it, given the risks involved, it is important that you take the situation seriously.
Below are some ways to protect yourself against identity theft and other possible financial data breach risks such as this:
- Read the American Osteopathic Association’s Data Breach Letter carefully to determine what information about you was accessible;
- Make a copy of the letter for your records;
- Sign up for the free credit monitoring service provided by the American Osteopathic Association;
- Change all your passwords and security questions for all online accounts;
- Enable two-factor authentication, where available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that could be a sign of identity theft;
- Contact one of the major credit bureaus to ask them to add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About the American Osteopathic Association
The American Osteopathic Association is a member organization representative of osteopathic physicians and medical students considering entering the field of osteopathic medicine. The American Osteopathic Association is also the primary certifying body for physicians or osteopathic medicine as well as the accrediting agency for all osteopathic medical schools. The American Osteopathic Association represents more than 168,000 osteopathic physicians and medical students across the United States.
American Osteopathic Association Consumer Data Breach Details
According to the latest data breach letter published by the American Osteopathic Association (“AOA”) on June 25, 2020, the Association first noticed suspicious activity on some of its servers. In response, AOA worked with a third-party data security company to investigate the incident. It was discovered that some consumer data had been deleted from the AOA servers. However, due to the burdens imposed by the COVID-19 pandemic, the Association did not discover the full list of affected parties until the following year. Eventually, the investigation revealed that the sensitive information of nearly 27,500 people had been compromised. This data includes:
- Full names,
- social security numbers,
- Financial account information.
The American Osteopathic Association explains that there is no indication that the unauthorized third party used or intends to use the data obtained through the cyberattack. However, an investigation is ongoing. On July 1, 2021, the company sent data breach notifications to all affected parties, notifying them of the breach and what they can do to protect themselves.
Below is a copy of the initial data breach letter issued by the American Osteopathic Association (an example of the actual notice sent to consumers can be found here):
The American Osteopathic Association (“AOA”) is writing to inform you of a recent incident which may have affected the security of your information. We want to provide you with information about the incident, our response, and steps you can take to better protect yourself against possible misuse of your personal information, if you believe it is necessary.
What happened? On June 25, 2020, AOA became aware of suspicious activity related to certain systems. Upon discovery, the AOA worked with third-party forensic investigators to investigate the nature and scope of the activity, as well as the AOA systems of interest. We have determined that certain information from our systems has been exfiltrated from our systems by an unauthorized actor. In response, we conducted a deliberate and thorough assessment of the information impacted during this event and to whom that information related. Like many businesses, the COVID-19 pandemic has presented significant challenges to AOA’s normal business operations. As a result, it has taken a long time for AOA to identify the names and addresses of those affected due to the impact of the pandemic on the working conditions of our staff and their inability to be on site to identify all parties. potentially affected. On June 1, 2021, we confirmed to you that the information concerning you was impacted by this event. Although we are not aware of any actual or attempted misuse of your information as a result of this incident, we take the security of the data we hold very seriously and inform you out of an abundance of caution.
What information was involved? Investigation has determined that your has been exfiltrated by an unauthorized actor.
What we do. The privacy, confidentiality and security of personal information entrusted to us are among AOA’s top priorities. After learning of the event, we investigated to determine the individuals involved and secured the compromised accounts. We have taken additional steps to improve security and better protect against similar incidents in the future. Out of an abundance of caution, we are also notifying potentially affected individuals, including yourself, so that you can take additional steps to best protect your personal information, if you believe it is appropriate to do so. While we are not aware of any misuse or attempted misuse of your personal information as a result of this event, we have arranged for Kroll to provide identity monitoring services for 12 months free of charge for you, as an extra precaution.
What you can do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and detecting errors over the next 12-24 months. You can also consult the information contained in the attached document. Steps you can take to help protect your information. You will also find more information about the identity monitoring services that we make available to you.
For more information. We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please call our dedicated helpline at 1-???-???-????, Monday through Friday: 9:00 a.m. to 6:30 p.m. EST.
We regret any inconvenience this incident may cause you. AOA remains committed to protecting the information entrusted to us and we will continue to take proactive steps to improve the security of our systems.