CoPilot Texas-based Texas Patients Just Informed of 2015 Breach

by | Oct 10, 2017

Texas orthopedic clinic CoPilot are just now informing their patients that their protected health information may have been exposed in a 2015 CoPilot data breach.

In October 2015, an online portal managed by CoPilot Provider Support Services was accessed by an unauthorized person. That person gained access to, and downloaded, the private date of more than 220,000 patients. The website was used by patients to find out if either of two drugs – ORTHOVISC® and MONOVISC® – were included in the patients’ health cover.

CoPilot found out that its website had been breached on December 23, 2015, and began an investigation. The person who obtained the data was identified and the issue was reported to law enforcement agencies. No information was thought to have been accessible by the public.

While the incident was settled, CoPilot delayed sending out breach notifications until January 2017. That delay lead to a $130,000 fine from the New York Attorney General being applied in June 2017.

It has been two years since the breach occurred, and eight months from when notifications were sent out, but some breach victims are only just finding out that they have been impacted. 653 patients of Kraig R. Pepper, D.O., P.A. were only warned of the breach in late September.

Dr. Pepper did not find out about the breach until July 31, 2017, when he discovered some of his patients’ data had been exposed in the 2015 CoPilot data violation. The breached data did not include any medical records, X-rays, or test results stored by Dr. Pepper, only information that was supplied to DePuy Mitek, Inc., the firm from which the drugs were bought. The information supplied to that company and was exposed included names, addresses, Social Security numbers, dates of birth, phone numbers, gender, ID numbers, Group numbers, medical insurance information, prescription information, and some clinical data.

While there has been a significant delay in receiving notification, affected people have been offered identity theft protection services for free for one year.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy