Hackers have breached Asheville Eye Associates (AEA), a major eye care center in North Carolina, taking patients’ medical data.
The hack took place mid-November last year, with attackers breaching the clinic’s systems. According to a breach notification letter that the clinic sent to impacted individuals, attackers obtained “certain files” from the company’s systems, which included personal patient data.
Information AEA submitted to the Maine Attorney General’s Office reveals that over 147,000 people were exposed in the attack. While the exact details vary from individual to individual, the exposed data includes:
- Names
- Addresses
- Social Security numbers (SSNs)
- Medical treatment information
- Health insurance information
Attackers can utilize stolen details for multiple nefarious purposes. For example, names and SSNs can be exploited for identity theft, opening fraudulent bank accounts, or filing fake tax returns.
Meanwhile, medical records are a prized position in the cyber underworld, as this type of data enables profitable schemes, such as fraudulent medical claims. Malicious actors sell medical data on the dark web, where other actors use it to illegally obtain prescription drugs.
To help impacted individuals mitigate the risks, AEA said it will provide them with complimentary credit monitoring services.
With a staff of nearly 200, AEA operates in over 10 locations across North Carolina. The clinic provides ophthalmology services.
Your email address will not be published. Required fields are markedmarked