OSM Data Breach Exposes PHI and PII for 20,147 Patients

Orthopaedic Specialists of Massachusetts, a medical practice providing orthopaedic and sports medicine care at offices in Norwood and Milton, Massachusetts, disclosed a data breach that exposed sensitive personal and medical information belonging to patients and employees. The incident affected at least 20,147 individuals in the state.

The breach was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation on June 12, 2026. OSM posted a notice about the incident on its website.

Between Jan. 12 and Jan. 15, 2026, an unauthorized individual may have copied certain files containing sensitive patient and employee information from OSM's systems.

On Jan. 17, 2026, a ransomware group known as Qilin posted a claim on the dark web that it had obtained the organization's data.

OSM's investigation found that information belonging to both patients and employees of the practice was potentially compromised. The investigation also determined that patients of Steven Sand M.D. may have had their data affected as part of the same incident, according to the company's notification.

After identifying the scope of the breach, OSM began a comprehensive review of the impacted files to determine exactly which types of sensitive information were involved and which individuals were affected. The review was completed on June 8, 2026.

The types of information potentially exposed in the breach included names, addresses, phone numbers, dates of birth, Social Security numbers, patient identification numbers, medical account numbers, medical records, health insurance information and other medical information.

Orthopaedic Specialists of Massachusetts' response to the breach

OSM is notifying potentially affected individuals by U.S. mail. Each notification letter contains details about the specific types of information involved for that person, as the data affected varies by individual.

For individuals who did not receive a notification letter but want to know if they were affected, OSM has established a dedicated assistance line. The number is 1-833-851-6110, and it is available between 8 a.m. and 8 p.m. Eastern time, Monday through Friday, excluding major U.S. holidays.