Strauss Borrelli PLLC, a leading data breach law firm, is investigating Concord Orthopaedics regarding its recent data breach. The Concord Orthopaedics data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT CONCORD ORTHOPAEDICS:
Concord Orthopaedics healthcare practice based in New Hampshire. Founded in 1974, Concord Orthopaedics has grown to include 27 physicians, 23 physician assistants, and three nurse practitioners providing specialized orthopaedic and rheumatology care.3 Today, Concord Orthopaedics specializes in a particular area of orthopaedics including, sports medicine, total joint surgery, spine care & surgery, hand surgery, orthopaedic traumatology, foot and ankle care, pediatric orthopaedics, general orthopaedics and rheumatology.2 Headquartered in Concord, New Hampshire, Concord Orthopaedics has seven physician office locations throughout New Hampshire.4
WHAT HAPPENED?
Recently, Concord Orthopaedics announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been accessed and acquired. According to the breach notice, on November 21, 2024, Concord Orthopaedics was notified by a third-party vendor that the software it uses to check-in patients and prospective patients for appointments was potentially accessed by an unauthorized actor. 1 As a result, Concord Orthopaedics launched an investigation to determine the nature of the incident.
Through its investigation, Concord Orthopaedics confirmed that sensitive personal information within these systems belonging to patients may have been compromised by an unauthorized third party during the breach. As a result, Concord Orthopaedics began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license or state identification number
- Appointment information such appointment type (for example, surgical, MRI, etc.), treating physician name, and date and location of appointment
- Health insurance information such as health plan beneficiary number, health plan number, and insurance eligibility information
As a result of the data breach, Concord Orthopaedics posted a notice of the incident on its website. Additionally, on March 25, 2025, Concord Orthopaedics begann sending breach notification letters to impacted individuals. Based on the website breach notice, Concord Orthopaedics is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that Concord Orthopaedics posted to its website is below.
If you received a breach notification letter from Concord Orthopaedics:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS:
[1]https://www.concordortho.com/storage/components/clearwave_databreach_websitenotice_1.pdf
[2] https://mm.nh.gov/files/uploads/doj/remote-docs/concord-orthopaedics-20250325.pdf
[3] https://www.concordortho.com/about
[4] https://www.concordortho.com/locations
[5] https://www.linkedin.com/company/concord-orthopaedics/about/
