25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

VisionWeb Data Breach Affects Up to 35,900 Individuals

Posted By on Oct 18, 2022

Austin, TX-based VisionWeb Holdings, a provider of Internet-delivered software solutions for the eye care industry for improving practice efficiency, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 35,900 patients.

According to the breach report sent to the HHS on October 3, 2022, unauthorized individuals gained access to its email environment which contained patient information. The breach was also reported to the Texas Attorney General, with that report stating that names, Social Security numbers, government-issued identification numbers, medical information, and health insurance information had potentially been compromised. Individual notifications started to be sent to affected individuals on October 3, 2022, along with information on the steps they can take to protect against identity theft and fraud.

This post will be updated when further information about the breach becomes available.

Eventus WholeHealth Announces Email Account Breach

Durham, NC-based Eventus WholeHealth has recently confirmed that the email account of an employee has been accessed by an unauthorized individual. Suspicious email account activity was detected on June 1, 2022, and immediate action was taken to secure the account. The investigation into the breach confirmed on August 17, 2022, that an unauthorized third party had accessed the account and may have viewed or copied sensitive patient data, although no specific evidence of unauthorized data access or data theft was discovered.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Eventus said the breach was confined to a single email account and explained that the account had multifactor authentication in place, but that it failed to prevent unauthorized access. Individual notifications are being sent to affected individuals, who will be told the exact types of information that have been exposed. Those data types were not detailed in the breach notification sent to the Montana Attorney General. Affected individuals are being offered complimentary credit monitoring and identity theft protection services.

The incident has yet to appear on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist