US Eye-Care Providers Report Data Breaches

The protected health information of hundreds of thousands of Americans has been exposed in two separate security incidents at eye-care providers in the United States.

Simon Eye Management reported a data breach to the Department of Health and Human Services’ Office for Civil Rights on September 14. An email hacking incident at the Delaware-based eye-care group exposed the data of 144,000 individuals.

According to a notice issued by Simon Eye, suspicious activity "related to certain employee email accounts" was observed on or about June 8. An investigation carried out with the help of third-party computer forensic specialists found that unauthorized access to some employee email accounts had occurred from May 12, 2021, to May 18, 2021.

“Our investigation revealed that the unauthorized third party attempted to engage in wire transfer and invoice manipulation attacks against the company, none of which were successful,” said the eye-care group.

Information impacted by the incident may have included names, medical histories, treatment or diagnosis information, and health insurance information. Simon Eye said that "a smaller number of individuals" may also have had their Social Security numbers, birth dates, and/or financial account information exposed.

The eye-care provider said that it had not discovered any evidence of data misuse linked to the incident. 

On May 12, USV Optical, Inc., a subsidiary of U.S. Vision, Inc., noticed suspicious activity on its network. A forensic investigation confirmed that hackers were able to access certain USV Optical servers and systems for nearly a month.

Support the originator by clicking the read the rest link below.