Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Breach at Eye Care Software Vendor Hits Millions of Patients

The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders, a firm that provides electronic health record and practice management solutions.

The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders, a firm that provides electronic health record and practice management solutions.

The Durham, North Carolina-based company, which sells eye care management software solutions, claims to work with more than 9,000 ophthalmologists and optometrists. At least 23 of these eye care providers have been impacted by a data breach that Eye Care Leaders disclosed in December 2021.

Eye Care Leaders took down the compromised systems within 24 hours after the breach was detected, but not before the attackers accessed databases and files containing patient records.

Potentially compromised information included names, addresses, birth dates, gender, phone numbers, email addresses, driver’s license numbers, health insurance information, medical record numbers, Social Security numbers, and eye care-related medical information.

“The forensics investigation revealed that databases and files compromised as part of the incident did not include credit card or financial information,” a data breach notification letter sent to Texas Tech University Health Sciences Center (TTUHSC) patients reads.

TTUHSC says Eye Care Leaders informed it on April 19 of patient data compromise, but claims that it has no evidence of any patient information being “accessed or used without authorization.”

TTUHSC informed the U.S. Department of Health and Human Services that the data of more than 1.29 million of its patients might have been compromised in the incident.

As of June 19, a list of impacted eye care providers that HIPAA Journal is maintaining shows that the data of approximately 2.2 million patients was potentially compromised in the Eye Care Leaders data breach.

Advertisement. Scroll to continue reading.

However, given the large number of customers the vendor claims to have, the total number of impacted individuals could be much higher.

Related: Healthcare Technology Provider Omnicell Discloses Ransomware Attack

Related: 500,000 Impacted by Email Breach at Illinois Healthcare Firm

Related: Over 500,000 Patients Hit by Data Breaches at Healthcare Firms in Alabama, Colorado

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.