Third-party vendor error exposes data of 19K patients for 2 months

Orlando Orthopaedic Center suffered a data breach in which 19,101 patient records were exposed for two months due to an error by a transcriptionist vendor during a software upgrade. The breach included patient names, dates of birth, insurance details, and medical treatment, with a limited number of patients having their social security numbers breached. The organization took nearly six months to notify patients, raising concerns about breach reporting timeliness and third-party risk management. The vendor has corrected the issue, and all patients are being offered free credit monitoring.