Ransomware strikes healthcare clinic, over 60K patients affected


Optometry clinic in South Carolina was hit by a ransomware attack, that compromised the personal health information of more than 60K patients.

The notice to affected clients on July 26 stated that the internal network of Family Vision, an optometry center based in Anderson, South Carolina, was compromised by a ransomware attack. Reportedly, the attack happened on May 21, 2023.

An unknown threat actor installed ransomware on the clinic's server, which resulted in the server being encrypted. The server contained the personal health information of the clinic’s patients.

ADVERTISEMENT

“We immediately disabled access to our systems, launched an investigation to determine what happened and the extent of the incident, and notified law enforcement,” stated the company.

The Office of the Maine Attorney General states that 62631 people were affected by the attack. Family Vision has offered affected individuals free credit monitoring, a $1,000,000 insurance reimbursement policy, and identity theft protection services.

Personal health information compromised

“As a result of this breach, personal health information that was being processed and stored by the Practice may have been compromised. We have no indication that any information has been misused in any way,” wrote the company on its website.

Reportedly, while the information present on the server varies by individual, the attackers may have accessed demographic data, health information, and health insurance information about patients or their family members.

Sensitive data compromised includes first and last name, date of birth, social security number, driver’s license, address, telephone number, email address, and gender.

Breached information also included highly sensitive information, such as medical records, including medical record number, health insurance company, health insurance number, allergies and other medical history, appointment date, scheduled optometrist, optometry prescription, and optometry eye scans.

The company states that the stolen data did not include bank account information or credit card information.

ADVERTISEMENT