On July 1, 2024, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) received a report through their breach portal about a data security incident at Human Technology, Inc., a healthcare provider in Tennessee, affecting 24,580 individuals. Following this, the company published a data breach notice on its website concerning the incident, which may have compromised certain personal information of the individuals affected. Around March 14-15, 2024, Human Technology Inc. and its affiliates experienced a data security breach but detected this suspicious activity within their system on March 15, 2024. Consequently, the healthcare provider initiated an investigation and engaged cyber security experts to determine the extent and nature of the breach. Following the investigation, it was revealed that an unauthorized individual had accessed and/or obtained information from their network system. The assessment was finalized around May 31, 2024. Additionally, they revealed the extent of the security breach that occurred. They stated, “Based upon the forensic investigation it was determined that the following information may have been accessed and/or acquired by the unauthorized actor on the date of the incident: Your name, date of birth, driver’s license or State ID, health insurance information, medical information, passport number, social security number, account number and routing number, taxpayer identification number.”

Human Technology Inc., based in Jackson, Tennessee, is a specialized organization that focuses on providing advanced artificial limb prostheses and high-tech orthoses for patients suffering from limb loss or specific musculoskeletal conditions caused by injury, illness, or congenital anomalies. It is committed to facilitating the practitioner-patient relationship by educating patients about different prosthetic and orthotic options available to them. Additionally, they contribute to the progression of prosthetic and orthotic research to provide better treatment options for the public.

Human Technology and Its Affiliates quickly acted to control, eliminate, fix, and supervise its surroundings. These actions involved reconstructing affected systems, shutting down old systems, resetting passwords globally for all accounts, setting up GeoFencing on the firewall, introducing multi factor authentication, and monitoring 24/7 with EDR. They expressed their dedication to guaranteeing the security of their clients, stating, “While we are not aware of any identity theft or fraud caused by this incident, out of an abundance of caution, we have secured the services of Kroll to provide notification including identity theft protection and monitoring services to individuals at no cost. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data.” They further added, “The organization is currently taking steps to address the situation and mitigate any potential harm.”