
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Colorado Eye Clinic Investigating Suspected Ransomware Attack

Data security incidents have been announced by Columbia Eye Clinic in South Carolina, Meigs County Emergency Medical Services in Ohio, Cottrill’s Specialty Pharmacy in New York, and ALN Medical Management in Colorado.

Columbia Eye Clinic, South Carolina

Columbia Eye Clinic, a medical and surgical ophthalmology practice with four locations in Columbia and Lexington in South Carolina, announced a data security incident on March 14, 2025, involving the exposure of patients’ protected health information. The incident was described as “an information technology network disruption that impacted the clinic’s accessibility to certain electronic systems” – language indicative of a ransomware attack. The incident was detected on January 13, 2025, and the forensic investigation confirmed that an unauthorized actor accessed its network between January 9, 2025, and January 13, 2025, and may have viewed or obtained patient data.

The investigation is ongoing, and the e-discovery process has begun to determine the individuals affected and the data exposed. The initial assessment suggests that the information likely exposed in the incident may include names, contact information, dates of birth, procedure codes, and other information needed to obtain pre-approval for eye-related procedures. No evidence has been found of unauthorized access to its electronic medical record system or practice management systems, and there are no indications that any of the exposed information has been misused.

After the attack, Columbia Eye Clinic reset all passwords, rebuilt its environment from backup systems, issued new devices and software, enhanced its security policies and procedures, implemented new monitoring software, and hardened security across its IT environment. Individual notification letters will be mailed to the affected individuals when the e-discovery process is completed. In the interim, the breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of at least 500 individuals.


Meigs County Emergency Medical Services

Meigs County Emergency Medical Services in Ohio has started notifying 5,802 individuals about a recent cyber incident that involved the theft of patient data. On January 21, 2025, Meigs EMS identified unauthorized access to an employee email account. A third-party digital forensics firm assisted with the investigation and confirmed that the account contents had been downloaded.

The email account was reviewed and found to contain names, addresses, Social Security numbers, driver’s license numbers, account numbers, routing numbers, dates of birth, medical information such as condition, diagnosis, and treatment information, as well as insurance identification numbers, insurance billing information, and service-related information such as dates of service, case ID numbers, and unique identifiers. Since there is the potential for misuse of the stolen data, the affected individuals have been advised to take steps to protect their personal information by reviewing and monitoring account statements, free credit reports, and Explanation of Benefits statements, and to report any unauthorized or suspicious activity to the appropriate authorities.

Cottrill’s Specialty Pharmacy, New York

Cottrill’s Pharmacy, Inc., dba Cottrill’s Specialty Pharmacy in Orchard Park, NY, has recently disclosed a data security incident that potentially involved unauthorized access to the data of 2,348 patients. Suspicious activity was identified within its network on January 21, 2025, and it was confirmed that an unauthorized third party had access to its network on that date. While the window of opportunity was short, it is possible that data on the compromised parts of the network was acquired by the threat actor. The file review was completed on February 24, 2025, and confirmed that the types of data compromised included names plus some or all of the following: date of birth, Social Security number, driver’s license or state identification number, medical information, and health insurance information.

ALN Medical Management, Colorado

ALN Medical Management, a Littleton, Colorado-based revenue cycle management and billing services provider, now part of Health Prime International, has recently disclosed a data breach that was identified a year ago in March 2024. The incident involved unauthorized access to systems hosted by a third-party service provider. The forensic investigation confirmed that files and folders within that environment had been accessed or copied between March 18, 2024, and March 24, 2024.

An in-depth review process was initiated to determine the individuals affected and the types of data involved, and that process was completed on January 31, 2025. The types of data involved vary from individual to individual and may include names in combination with one or more of the following: Social Security number, driver’s license number, government-issued ID number, financial information such as account number, credit/debit card number, medical information, and health insurance information. Notification letters started to be mailed to the affected individuals on March 21, 2025. State attorneys general have been notified, as has the HHS’ Office for Civil Rights, initially as a breach involving the protected health information of 501 individuals. The total has now been updated to 1,823,844 individuals, making it one of the largest healthcare data breaches of the year.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
