Carolina Arthritis Data Breach Affects 36,961 Patients

On January 21, 2025, Carolina Arthritis Associates discovered a data breach that has potentially affected 36,961 individuals across the United States. This breach is particularly concerning due to the sensitive nature of the information exposed, which includes PII and PHI.

A Claim Depot dark web investigation found that on October 23, 2024, the ransomeware group, ThreeAM, posted on their dark web website that they had hacked the company. Ransomeware groups typically make demands for a ransom payment in exchange for not making the stolen data public.

It is unclear whether or not CAA paid the ransom to protect affected individuals.

Information Exposed:

• Personally Identifiable Information
• Names
• Social Security Numbers
• Dates of Birth

• Protected Health Information
• Medical Treatment or Procedure Information
• Medical Record Number
• Medical Provider Name

Carolina Arthritis Associates's Response

In response to the data breach, Carolina Arthritis Associates has taken steps to notify affected individuals. The company sent written notices to consumers on February 27, 2025. These notices are intended to inform individuals about the breach and provide guidance on how to protect themselves from potential identity theft or fraud.

Given the sensitive nature of the information exposed, it is crucial for those affected to monitor their financial accounts and credit reports closely. Individuals should also consider placing a fraud alert or security freeze on their credit files. Additionally, it is advisable to be vigilant for any suspicious activity or communications that could indicate identity theft.

For more information, affected individuals can access the official breach disclosure documents through the respective state attorney general websites.

You can view the Maine Attorney General's disclosure, the Massachusetts Attorney General's disclosure, the South Carolina Attorney General's disclosure, and the Vermont Attorney General's disclosure. Additionally, the U.S. Department of Health and Human Services' breach report provides further details.

About Carolina Arthritis Associates

Carolina Arthritis Associates is a medical practice dedicated to providing comprehensive care for patients with arthritis and related conditions. With a focus on personalized treatment plans, the practice aims to enhance the quality of life for its patients through expert medical care and support. For more information about their services, visit their official website.