Carolina Arthritis Associates. Provides Notice Following Data Security Incident

WILMINGTON, N.C., Feb. 28, 2025 /PRNewswire/ — Carolina Arthritis Associates (“Carolina Arthritis”) experienced a data security incident that involved personal and / or protected health information belonging to certain current and former patients and has provided notice of this incident to impacted individuals.  

On September 27, 2024, Carolina Arthritis became aware of unusual activity that disrupted access to certain systems. Upon discovery, Carolina Arthritis took steps to secure its network and engaged a leading, independent digital forensics and incident response firm to investigate what happened and whether any sensitive data may have been impacted. The investigation revealed certain personal / protected health information was accessed and acquired without authorization by an unknown actor on or about September 27, 2024. Carolina Arthritis undertook a comprehensive review of the impacted data to identify the individuals and information involved, which concluded on January 21, 2025. Carolina Arthritis then took steps to provide notification as quickly as possible.

The potentially impacted information may have included names, addresses, dates of birth, driver’s license information, Social Security numbers, medical information, and health insurance information. Please note that not all data elements were affected for all individuals.

As soon as the incident was discovered, Carolina Arthritis took the steps referenced above. Carolina Arthritis notified the Federal Bureau of Investigation and will provide whatever cooperation is necessary to hold the perpetrators accountable. Carolina Arthritis also notified the U.S. Health and Human Services Office for Civil Rights and consumer reporting agencies of this incident. Carolina Arthritis is also taking additional steps to prevent a similar event from occurring in the future.

Carolina Arthritis is not aware of any evidence of actual misuse of any of the information potentially involved in this incident. However, on February 27, 2025, Carolina Arthritis mailed notice of this incident to potentially impacted individuals for which Carolina Arthritis had identifiable address information.  The notice provided information about the incident and resources that potentially impacted individuals could utilize to protect their information including the opportunity to enroll in complimentary identity protection services through TransUnion.  

Carolina Arthritis has established a toll-free call center to answer questions about the incident. The call center is available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time (excluding major U.S. holidays) and can be reached at 1-833-799-3772.  All affected individuals may qualify for complimentary identity protection services through TransUnion. Individuals who have not received a notification letter must obtain verification of eligibility through the call center to enroll in services.

View original content:https://www.prnewswire.com/news-releases/carolina-arthritis-associates-provides-notice-following-data-security-incident-302388675.html

SOURCE Carolina Arthritis Associates