Unauthorized persons have acquired access to the computer systems of Eye Care Leaders, which is an electronic health records and patient management software solutions provider for eye care clinics. On or around December 4, 2021, hackers obtained access to the company’s myCare Identity solution and erased databases, systems settings files, and information.
Eye Care Leaders stated its incident response staff quickly blocked the unauthorized access upon detection of the breach and started investigating the security breach. Though the investigation is not yet finished, the company already sent notifications to impacted ophthalmology and optometry clinics.
Although the investigation did not find any evidence that indicates the attackers accessed or copied sensitive information, the chance of unauthorized information access and theft cannot be excluded. The types of data that were compromised involved patient names, birth dates, medical record numbers, medical insurance data, Social Security numbers, and data concerning the treatment gotten at the impacted eye care clinics. The breach was limited to the myCare Identity program. The systems that eye care providers use were not affected. It is presently uncertain how many people were impacted by the incident. It is mentioned on the Eye Care Leaders website that over 9,000 ophthalmologists and optometrists use its software solutions.
Summit Eye Associates based in Nashville, TN mailed notifications to impacted patients on April 28, 2022, and sent a breach report to the HHS’ Office for Civil Rights indicating that up to 53,818 people were affected. Allied Eye Physicians & Surgeons based in Kettering, OH has reported that the PHI of 20,651 people was compromised, and EvergreenHealth based in Kirkland, WA also submitted a breach report and sent notification letters to 20,533 affected individuals on April 22, 2022. EvergreenHealth stated it is reviewing its partnership with Eye Care Leaders and looking at the security measures that were implemented.
Regional Eye Associates in West Virginia and Central Vermont Eye Care have also reported data breaches affecting EHRs recently, but there’s no information that indicates those data breaches were because of the cyberattack on Eye Care Leaders.