HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Eye Care Leaders Hack Impacts Millions of Patients

Unauthorized individuals have gained access to the systems of Eye Care Leaders, a provider of electronic health records and patient management software solutions for eye care practices. On or around December 4, 2021, hackers gained access to its myCare Identity solution and deleted databases, systems configuration files, and data.

Eye Care Leaders said its incident response team immediately stopped the unauthorized activity when the breach was detected and launched an investigation into the security breach. The investigation is ongoing, but notifications have now been sent to affected ophthalmology and optometry practices.

While the investigation has not uncovered evidence to suggest the attackers viewed or exfiltrated sensitive data, the possibility of unauthorized data access and theft could not be ruled out. The types of information that have been exposed included patient names, dates of birth, medical record numbers, health insurance information, Social Security numbers, and information regarding the care received at the affected eye care practices. The breach was confined to the myCare Identity solution. The systems of eye care providers that use the solution were not compromised. It is currently unclear how many individuals have been affected by the breach. The Eye Care Leaders website states that it provides software solutions to more than 9,000 ophthalmologists and optometrists.

The number of eye care providers affected by the breach has been growing over the past few weeks, and it is now known that the protected health information of more than 3.6 million patients has been exposed and potentially compromised. 40 Eye care providers are known to have been affected by the security incident and are listed in the table below. The table was last updated on September 27, 2022.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Eye Care Providers Affected by Eye Care Leaders’ Data Breach

Affected Eye Care Provider Breached Records
Texas Tech University Health Science Center 1,290.104
Wolfe Clinic 542,776
Stokes Regional Eye Centers in South Carolina 266,170
Regional Eye Associates, Inc. & Surgical Eye Center of Morgantown in West Virginia 194,035
Spectrum Eye Physicians in California 175,000
Mattax Neu Prater Eye Center in Missouri 92,361
Sight Partners Physicians in Washington 86,101
Texas Eye Associates 75,092
Carolina Eyecare Physicians in South Carolina 68,739
Precision Eye Care in Missouri 58,462
Magie Mabrey Hughes Eye Clinic (Arkansas Retina) in Arkansas 57,394
Shoreline Eye Group in Connecticut 57,047
Summit Eye Associates in Tennessee 53,818
AU Health in Georgia 50,631
Finkelstein Eye Associates in Illinois 48,587
Aloha Laser Vision in Hawaii 43,263
Center for Sight in Massachusetts 41,041
Associated Eye Care in Minnesota 40,793
Moyes Eye Center, PC in Missouri 38,000
McCoy Vision Center in Alabama 33,930
Chesapeake Eye Center in Maryland 32,770
Long Vision Center in Texas 29,237
Frank Eye Center in Kansas 26,333
Alabama Eye & Cataract, P.C 26,000
Lori A. Harkins MD, P.C. dba Harkins Eye Clinic in Nebraska 23,993
East Valley Ophthalmology in Arizona 20,734
Allied Eye Physicians & Surgeons in Ohio 20,651
EvergreenHealth in Washington 20,533
Sylvester Eye Care in Oklahoma 19,377
Cherry Creek Eye Physicians and Surgeons, P.C. in Colorado 17,732
Granbury Eye Clinic in Texas 16,475
Arkfeld, Parson, and Goldstein, dba Ilumin in Nebraska 14,984
Associated Ophthalmologists of Kansas City, P.C. in Missouri 13,461
Kernersville Eye Surgeons in North Carolina 13,412
Northern Eye Care Associates in Michigan 8,000
Sharper Vision in Kansas 6,891
Ad Astra Eye in Arkansas 3,684
Kurilec Eye Care in Connecticut 2,876
Fishman Vision in California 2,646
Burman & Zuckerbrod Ophthalmology Associates, P.C. in Michigan 1,337
Total 3,634,470

 

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.