Serviceteam IT Security News

US Eye-Care Providers Report Data Breaches

The protected health information of hundreds of thousands of Americans has been exposed in two separate security incidents at eye-care providers in the United States.

Simon Eye Management reported a data breach to the Department of Health and Human Services’ Office for Civil Rights on September 14. An email hacking incident at the Delaware-based eye-care group exposed the data of 144,000 individuals.

According to a notice issued by Simon Eye, suspicious activity "related to certain employee email accounts" was observed on or about June 8. An investigation carried out with the help of third-party computer forensic specialists found that unauthorized access to some employee email accounts had occurred from May 12, 2021, to May 18, 2021.

“Our investigation revealed that the unauthorized third party attempted to engage in wire transfer and invoice manipulation attacks against the company, none of which were successful,” said the eye-care group.

Information impacted by the incident may have included names, medical histories, treatment or diagnosis information, and health insurance information. Simon Eye said that "a smaller number of individuals" may also have had their Social Security numbers, birth dates, and/or financial account information exposed.

The eye-care provider said that it had not discovered any evidence of data misuse linked to the incident. 

On May 12, USV Optical, Inc., a subsidiary of U.S. Vision, Inc., noticed suspicious activity on its network. A forensic investigation confirmed that hackers were able to access certain USV Optical servers and systems for nearly a month.

It was determined that data belonging to 180,000 individuals (employees and patients) may have been accessed and possibly exfiltrated by an unauthorized individual from April 20, 2021, to May 17, 2021. 

Information that could have been compromised included names, eye-care insurance information, and insurance claims information. In a security notice, USV Optical said that for some individuals, addresses, dates of birth, and/or "other individual identifiers" may also have been exposed. 

"We have no evidence of any identity theft or fraud occurring as a result of this incident," stated USV Optical, adding that they “are reporting this incident to relevant state and federal regulators as required."

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply