Florida Eye Care Provider Data Breach Affects 153,000 Patients
Retina Group of Florida is the latest eye care provider to report a breach of patient data. The protected health information of almost 153,000 patients was potentially compromised in a November 2024 hacking incident. Retina Group of Florida is a multi-physician, 22-office ophthalmology practice specializing in diseases of the retina. On November 9, 2024, suspicious activity indicative of an intrusion was identified in a portion of its computer network. Immediate action was taken to secure its network and contain the potential threat, and an investigation was launched to determine the nature and scope of the activity.
The investigation confirmed unauthorized network access to parts of its network starting on November 6, 2024. Over the four-day intrusion, patient data may have been copied from the network. The review of all exposed files was completed on August 18, 2025, and over the next month, contact information was verified to allow notification letters to be sent. The notification process started on September 16, 2025, and the affected individuals have been offered credit monitoring and identity theft protection services for 12 months. The HHS’ Office for Civil Rights was notified about the incident on September 9, 2025. The breach report indicates that the electronic protected health information of up to 152,691 individuals was potentially compromised.
Several other data breaches have been reported by ophthalmology practices this year, including a 107,000-record data breach at Black Hills Regional Eye Institute and a 205,000-record data breach at Asheville Eye Associates.
Hampton Regional Medical Center, South Carolina
Hampton Regional Medical Center, a general acute care hospital in Varnville, South Carolina, has warned patients that they may have had some of their personal and health data exposed in a recent cybersecurity incident. Suspicious activity was identified in its computer systems on or around July 16, 2025. An investigation was launched, and it was confirmed that an unauthorized third party had access to certain systems between June 18 and July 16, 2025. During that time, unauthorized access to patient data was possible and patient data may have been copied from its computer systems.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The exposed files are currently being reviewed to determine which patients have been affected and the types of information involved. That process has yet to be completed, so the number of affected individuals is not yet known. Currently, information known to have been exposed includes names, dates of birth, Social Security numbers, driver’s license/state identification numbers, other demographic information, and medical information.
Notification letters will be mailed to the affected individuals when the file review is concluded. In the meantime, all patients have been advised to remain vigilant against identity theft and fraud by monitoring their account statements, free credit reports, and explanation of benefits statements. Hampton Regional Medical Center is implementing additional administrative and technical safeguards to harden security and is reviewing its policies and procedures.
