Oregon Eye Care Provider and New York Children’s Center Announce Hacking Incidents
Cyberattacks have recently been announced by River City Eye in Oregon and Elmcrest Children’s Center in New York.
River City Eye Care
River City Eye Care, an eye care provider with locations in Portland and Happy Valley, Oregon, has started notifying patients about a recent security incident involving the theft of files containing patient information. Unusual network activity was detected on or around September 8, 2025, and an investigation was launched to determine the nature and scope of the activity.
The investigation confirmed unauthorized access to its network and the exfiltration of files. The affected files were reviewed, and River City Eye Care completed the review on October 1, 2025. The types of information involved vary from individual to individual and may include names in combination with one or more of the following: address, email address, phone number, and date of birth. Driver’s license numbers and Social Security numbers were involved for a limited number of individuals. Notification letters started to be mailed on October 16, 2025, and steps are being taken to reduce the risk of similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.
The Genesis threat group claimed responsibility for the attack and has added River City Eye to its data leak site. The group claims it operates a data extraction operation (no file encryption) and says it exfiltrated 200 GB of data from company management hosts and file servers, which has been made available for download. The HIPAA Journal has not downloaded any data, so cannot verify the legitimacy of the group’s claim.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Elmcrest Children’s Center
Elmcrest Children’s Center, a Syracuse, NY-based provider of support services to children with emotional, behavioral, and developmental limitations and their families, has recently disclosed a security incident involving unauthorized access to its network. The investigation into the incident is ongoing, but it has been confirmed that its network was subject to unauthorized access between March 10, 2025, and July 24, 2025, during which time files were accessed and acquired by the threat actor.
The files are still being reviewed, but based on the initial findings, the types of information involved include names, dates of birth, and medical information. Technical and administrative policies and procedures are being reviewed and will be updated to reduce the risk of similar incidents in the future. Elmcrest Children’s Center has yet to disclose how many individuals have been affected; however, the data breach does appear to be significant. The Interlock ransomware group has claimed responsibility for the attack and says almost 450 GB of data was copied.
