25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Ocuco Issues Notifications About 241K-Record Data Breach

Posted By on Jul 14, 2025

Ocuco Inc. has published a substitute breach notice providing further information on its March 2025 cyberattack and data breach. Ocuco explained that it was first made aware of a potential data breach on April 1, 2025, when it was discovered that a third party, via a dark web posting, claimed to have stolen data from its network.

Steps were immediately taken to secure its network, and an investigation was launched to assess the legitimacy of the claim. Assisted by third-party cybersecurity experts, Ocuco determined that a threat actor had accessed two non-production servers between March 28, 2025, and April 1, 2025. Those servers contained files, some of which were copied between March 30, 2025, and April 1, 2025.

The investigation confirmed that the threat actor exploited a recently discovered vulnerability in third-party software for initial access. The vulnerability had not been timely disclosed to Ocuco. The review of the exposed files confirmed that they contained the information of 240,961 individuals. The exposed data varied from individual to individual and included names in combination with some or all of the following: address, Social Security number, health insurance number, medical record number provider name, prescriptions/medications, diagnosis, treatment information, lab results, medical history, payment for health services, workers’ compensation claims with medical information, health insurance coverage information, health insurance claim information, financial account number without access information, and/or driver’s license number.

Ocuco said the vulnerability has now been fully patched, a review has been conducted of its general cybersecurity controls, and the company will continue to evaluate security and will take further steps, as appropriate, to improve security moving forward. At the time of issuing notification letters, Ocuco was unaware of any misuse of the exposed/stolen data.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

June 17, 2025: Optical Software Solution Provider Ocuco Reports 241K-Record Data Breach

Ocuco Inc., a Dublin, Ireland-based provider of optical software solutions for eyecare businesses, has recently notified the HHS’ Office for Civil Rights about a data breach involving the protected health information of 240,961 individuals.

Ocuco claims to be the world’s largest provider of retail optical software solutions, with its US operations based in Florida. Ocuco’s software includes the Acuitas practice management and electronic health record system, which is used by thousands of eye care practices, clinics, and lens manufacturing labs.

Relatively little information has been released by Ocuco about the data breach at the time of writing, other than the information disclosed in the May 30, 2025, OCR breach report, which lists the incident as a network server hacking incident. This appears to have been a ransomware attack by a ransomware group known as Killsec, aka Kill Security.

Killsec claims to be a hacktivist group, but it is a financially motivated ransomware-as-a-service organization that targets government agencies and private sector businesses. On April 1, 2025, Killsec added Ocuco to its dark web data leak site, and the stolen data has since been listed for download, which suggests the ransom was not paid.

While the HIPAA Journal has not verified whether protected health information is available for download, the fact that the data breach has been reported to the HHS’ Office for Civil Rights shows that protected health information has been exposed and most likely stolen in the attack.

The dark web data leak site listing includes screenshots of the stolen data, including business files, appointment information, and several folders related to U.S. and Canadian eyecare clients, including Costco, HoustonEye, Kaiser, Mayo Clinic, Optos, Specsavers, and more. Several law firms have already opened investigations into potential class action lawsuits in response to the data breach.

This post will be updated when further information becomes available.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist