Aligned Orthopedic Discloses Data Breach Affecting Social Security Numbers

ASC Ortho Management Company LLC, which does business as Aligned Orthopedic Partners, has disclosed a data breach involving unauthorized access to its email environment.

An unknown actor gained unauthorized access to Aligned Orthopedic's email environment between Nov. 16, 2025, and Dec. 16, 2025. During that roughly one-month period, the actor potentially accessed certain emails and files contained within the email system.

After identifying unusual activity, the company launched an investigation with the support of external cybersecurity experts. A comprehensive review of the affected data concluded on Feb. 17, 2026.

That review determined that certain individuals' personal information and protected health information may have been involved in the incident.

The personally identifiable information (PII) potentially exposed included names, dates of birth, Social Security numbers, driver's license or state identification numbers and financial account numbers. The protected health information (PHI) potentially exposed included Medicaid or Medicare numbers, medical dates of service, medical provider names, mental or physical condition, medical treatment information, diagnosis or clinical information, prescription information, health insurance information, patient account numbers and medical record numbers.

The company discovered the breach on Dec. 8, 2025, and plans to begin mailing notification letters to affected individuals on April 17, 2026.

Aligned Orthopedic Partners' response

The company plans to mail notification letters to potentially affected individuals for whom it has identifiable address information. The letters will provide information about the incident and offer resources that individuals can use to help protect their personal information.

Aligned Orthopedic is offering complimentary identity protection services through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation services. All affected individuals may qualify to enroll in these services. However, individuals who have not received a notification letter must first verify their eligibility by calling the company's dedicated call center.

The deadline to enroll in identity protection services is July 16, 2026.

The company has set up a toll-free call center at 1-833-877-6247 to answer questions about the incident. The call center is staffed Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, excluding major U.S. holidays. Affected individuals can call this number to learn more about the breach, verify their eligibility for identity protection services or get help with any related questions.