Orthopedic surgery and musculoskeletal care practice.
Between approximately September 17 and 25, 2025, an unauthorized party accessed and exfiltrated data from Western Orthopaedics, P.C. On October 4, 2025, the PEAR ransomware group claimed the attack on its dark-web leak site. Initially unconfirmed, the practice later confirmed the breach and notified 113,330 individuals in 2026. DataBreach.com’s independent parse of the leaked dataset confirmed circulating fields: names, home addresses, phone numbers, emails, and Social Security numbers. The company’s notification additionally reported that dates of birth and financial account, credit/debit card, and medical information may have been involved; those categories were not confirmed in the parsed circulating dump. Affected individuals were offered credit monitoring through Epiq. (Note: DataBreach parsed field-level tallies such as 193,000 phone numbers; the confirmed affected-individual count is 113,330.)
ObscureIQ assessment: Severe risk of identity theft, medical fraud, and privacy harm. Orthopedic and surgical context also increases the value of billing and treatment-themed phishing.
The confirmed circulating data (names, addresses, phone numbers, emails, and Social Security numbers) for more than 113,000 patients creates substantial identity-theft and phishing risk. The company’s notification also reported potential exposure of dates of birth, payment-card/financial account, and medical information; if those are in the full dump, identity-, payment-, and medical-fraud risk rises materially. The surgical-care context adds credibility to treatment- and billing-themed scams, and the incident has generated class-action liability.
Western Orthopaedics, P.C. is an established orthopedic surgery and musculoskeletal care practice based in the Denver/Englewood, Colorado area, in operation since 1938. It provides conservative and surgical treatment for injuries of the neck, shoulder, elbow, wrist, hand, back, hip, knee, ankle, and foot, along with imaging, physical therapy, and durable medical equipment services. The practice is affiliated with the HCA HealthONE system.
Orthopedic clinic networks collect patient identity, contact, insurance, billing, appointment, imaging, and treatment records across specialty care operations.
Western Orthopaedics joined the HCA HealthONE system. After an unauthorized party accessed its systems in September 2025, the practice confirmed the breach and notified 113,330 individuals in 2026, offering complimentary credit monitoring and identity protection through Epiq. Multiple law firms have since launched class-action investigations into the incident.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
Between approximately September 17 and 25, 2025, an unauthorized party accessed and exfiltrated data from Western Orthopaedics, P.C. On October 4, 2025, the PEAR ransomware group claimed the attack on its dark-web leak site. Initially unconfirmed, the practice later confirmed the breach and…
Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation