Greater Pittsburgh Orthopedic Assoc. Data Breach Impacts 56,954 Patients

On Aug. 10, 2025, Greater Pittsburgh Orthopaedic Associates, Pittsburgh’s oldest continuously-operating orthopedic surgical group, detected unauthorized access to its computer network in a ransomware attack. The threat actor known as RansomHouse claimed responsibility for the incident and posted about the breach on the dark web on Aug. 20, 2025, stating that they had obtained sensitive organizational data.

This attack followed a previous ransomware incident involving D#NUT ransomware in May 2024.

The breach affected a reported 56,954 individuals across the United States. According to filings with state regulators, three Maine residents and nine Massachusetts residents were among those affected.

The compromised data included names, mailing addresses, Social Security numbers, provider names and, in some cases, medical records. This means both personally identifiable information (PII) and protected health information (PHI) were exposed, raising the risk of identity theft and medical fraud for those impacted.

The breach was publicly disclosed to the attorneys general of Maine, Massachusetts, and Vermont.

Beginning Feb. 5, 2026, written notifications were sent to affected individuals.

Greater Pittsburgh Orthopaedic Associates's response

To support those affected, Greater Pittsburgh Orthopaedic Associates is offering complimentary single-bureau credit monitoring, credit reports and credit score services for up to 24 months through Cyberscout, a TransUnion company. Impacted individuals can enroll in these services using a unique code provided in their notification letter.

The company recommends that all affected individuals remain vigilant, monitor their financial and medical accounts for suspicious activity and consider placing a fraud alert or security freeze on their credit files.

The notice also encourages individuals to obtain a free Identity Protection PIN from the IRS to help prevent tax-related identity theft.

Additional resources are available in the official consumer notice, which includes guidance on obtaining free credit reports, placing fraud alerts and security freezes and contacting relevant authorities if identity theft is suspected.