Aligned Orthopedic Reports Year‑Long Email Breach Exposing SSNs and Health Data
Aligned Orthopedic reports a year‑long email breach exposing SSNs, health and financial data; offers free identity‑protection via Cyberscout.

**TL;DR** Aligned Orthopedic detected an email intrusion from November 16 to December 16 2025 that may have exposed SSNs, driver’s license numbers, financial details and extensive health information. Notification letters will begin mailing April 17 2026 and free identity‑protection enrollment via Cyberscout runs until July 16 2026.
**Context** Aligned Orthopedic Partners, operating as ASC Ortho Management Company LLC, discovered unusual activity in its email environment on December 8 2025. After engaging external cybersecurity experts, the company completed a forensic review on February 17 2026, confirming that personal and protected health information could have been accessed during the roughly one‑month window.
**Key Facts** The breach window spanned November 16 – December 16 2025. Exposed data types include names, dates of birth, Social Security numbers, driver’s license or state ID numbers, financial account numbers, Medicaid/Medicare numbers, medical dates of service, diagnoses, prescription information and health insurance details. The company discovered the incident on December 8 2025 and will mail notification letters to affected individuals on April 17 2026. Complimentary identity‑protection services through Cyberscout are available, with enrollment closing July 16 2026.
**What It Means** The incident highlights the risk of email‑based intrusions leading to large‑scale exposure of both PII and PHI. Organizations that rely on email for patient communication must treat email accounts as high‑value targets and implement controls that detect credential abuse and data exfiltration.
**Mitigations** Defenders should enforce multi‑factor authentication on all email accounts, monitor for anomalous login patterns (MITRE ATT&CK T1078 – Valid Accounts), and enable detailed logging with alerts for unusual mailbox access (T1087 – Account Discovery). Implementing anti‑phishing controls and user training reduces the likelihood of credential theft (T1566 – Phishing). Regularly patching email servers and applying vendor advisories (e.g., Microsoft Exchange Server CVE‑2023‑XXXXX series) closes known exploitation paths. Deploying data loss prevention (DLP) rules to block outbound transmission of SSNs and health identifiers adds a final safeguard.
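The DLP safeguard described above, sketched as an added example (not code from the article or from Aligned Orthopedic): an outbound-mail check that flags Social Security numbers and Medicare Beneficiary Identifiers while rejecting number ranges that are never issued. The function names and sample messages are hypothetical and constructed for illustration; the identifier patterns assume US SSN formatting and the 11-character MBI layout.

```python
import re

# US SSN written as AAA-GG-SSSS, AAA GG SSSS or nine bare digits.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

# Medicare Beneficiary Identifier: 11 characters; letters never S, L, O, I, B or Z.
_L = "AC-HJKMNP-RT-Y"
_LN = _L + "0-9"
MBI_RE = re.compile(
    rf"(?<![A-Z0-9])[1-9][{_L}][{_LN}]\d-?[{_L}][{_LN}]\d-?[{_L}]{{2}}\d{{2}}(?![A-Z0-9])"
)

def plausible_ssn(area, group, serial):
    """Reject ranges the SSA never issues, to cut false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan(text):
    """Return masked findings so the DLP log never stores raw identifiers."""
    findings = []
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if plausible_ssn(area, group, serial):
            findings.append(("ssn", "***-**-" + serial))
    for m in MBI_RE.finditer(text):
        findings.append(("mbi", m.group()[:1] + "*" * 8 + m.group()[-2:]))
    return findings

def evaluate_outbound(message):
    """Block when the body or any text attachment carries an identifier."""
    findings = []
    for part in [message["body"], *message.get("attachments", [])]:
        findings.extend(scan(part))
    return {"action": "block" if findings else "allow", "findings": findings}

# Constructed sample messages (no real patient data).
SAMPLES = [
    {"body": "Patient DOB 01/02/1960, SSN 123-45-6789, Medicare 2AC3-DE4-FG56."},
    {"body": "Invoice 1234567890, call 555-123-4567, ref 000-12-3456."},
    {"body": "See attached.", "attachments": ["claim: ssn 987654321 / 432 10 9876"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(evaluate_outbound(sample))
```

Bare nine-digit matches are the noisiest part of the rule; a production policy would usually require a nearby keyword or a recipient outside the organization before blocking.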
**What to watch next** Monitor whether affected individuals experience identity‑theft spikes and watch for any regulatory actions or settlements stemming from the breach.