Western Orthopaedics Data Breach Exposes Patients' Personal and Health Information

Western Orthopaedics P.C., one of Denver's longest-running orthopedic surgery practices, disclosed a data breach involving patients' personal and health information. So far, 363 Texas residents and 46 Massachusetts residents were impacted.

An unauthorized third party accessed and acquired certain data from the practice's systems between approximately Sept. 17, 2025, and Sept. 25, 2025. As part of its investigation, Western Orthopaedics conducted an analysis, which concluded on March 3, 2026, to determine whether personal information was present in the affected data.

The types of personally identifiable information exposed included full names and addresses, phone numbers, Social Security numbers, dates of birth and financial account, credit or debit card numbers (with or without security codes, access codes or passwords).

Protected health information was also exposed, including health insurance information, health insurance plan or subscriber identification numbers, medical provider names, medical dates of service and medical cost or billing information.

On Oct. 4, 2025, a ransomware group known as PEAR claimed responsibility for the attack on a Tor-based dark web site. The group claimed to have obtained the organization's data.

Western Orthopaedics' response to the breach

Western Orthopaedics notified affected individuals by U.S. Mail.

The company is offering complimentary credit monitoring and identity protection services through Epiq at no cost to affected individuals. The services include one-bureau credit monitoring with alerts, dark web monitoring, credit freeze assistance, change of address monitoring and identity restoration support.

For questions about the breach, affected individuals can call the dedicated incident response line at 855-815-3938, available Monday through Friday from 8 a.m. to 8 p.m. Central Time.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to help prevent unauthorized accounts from being opened.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts or inquiries.
• Monitor bank and credit card statements for unauthorized transactions, since financial account and payment card numbers may have been part of the exposed data.
• Review Explanation of Benefits statements from health insurers for any medical services not received, as protected health information was involved in this breach.
• Be cautious of phishing attempts that reference Western Orthopaedics or this data breach by name, as scammers may use the incident to trick people into sharing more personal information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338.