American Osteopathic Association Reports June 2020 Data Theft

Around 27,500 people are being advised regarding the theft of some of their personal data when the American Osteopathic Association (AOA) encountered a cyberattack. AOA is a professional organization based in Chicago that represents approximately 151,000 osteopathic doctors and medical students throughout the United States.

The AOA discovered suspicious activity inside certain sections of its systems on June 25, 2020. Its system was removed from the web, and forensic investigators began looking into the nature and extent of the breach. The investigation results showed that the attackers obtained access to systems that included personally identifiable information (PII) and exfiltrated information from those systems.

A thorough analysis of the files was done to find out which people were impacted. That review confirmed names, addresses, birth dates, Social Security numbers, financial account details, and usernames/email addresses and passwords were included in the exfiltrated information.

The AOA stated its investigation didn’t find any proof of actual or attempted misuse of the stolen information, however as a safety measure against identity theft and fraud, the organization offered to affected persons free credit monitoring and identity theft protection services for one year.

The affected individuals had been notified only after 15 months from the discovery of the incident. The AOA explained that similar to a lot of organizations, the COVID-19 pandemic caused considerable issues to its standard business operations. Due to the pandemic, it took more time for AOA to determine the affected persons’ names and addresses. As per the AOA, this was because of the pandemic’s effect on the working condition of their staff, and their incapability to be on-site to distinguish all possibly affected parties. It was only on June 1, 2021 that AOA finished identifying the total population of impacted persons and their contact details.

Based on the breach report sent to the Maine Attorney General, AO sent notifications to impacted people on October 13, 2021.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at