GREATER Pittsburgh Orthopaedic Associates disclosed a 2025 breach that occurred on or about August 10, 2025, with external listings on RansomHouse appearing on August 20, 2025. According to HHS’s public breach tool, 35,000 patients were affected, though letters to patients were not mailed until February 5, 2026, and DataBreaches[.]net could not locate a substitute notice on GPOA’s website.
In their February 20, 2026 disclosure to the Maine Attorney General’s Office, external counsel indicated that 56,954 people were affected by the incident, but it remains unclear whether that figure includes non-patients or is the final total. The RansomHouse listing was never updated, raising questions about whether any data was sold or leaked, and DataBreaches[.]net found no comments from GPOA regarding the claims.
The piece also notes a separate 2024 claim by DonutLeaks that Pittsburgh’s Trusted Orthopaedic Surgeons was hacked, a claim not reflected on HHS’s Breach tool. DataBreaches[.]net pressed GPOA’s external counsel with three questions and has not received a reply.