A data leak at Eye Care Leaders, a company that provides electronic health record and practice management systems, may have exposed the personal information of millions of people to threat actors. The Durham, North Carolina-based firm claims to collaborate with over 9,000 ophthalmologists and optometrists and provides eye care management software solutions. A data breach discovered by Eye Care Leaders in December 2021 compromised at least 23 of these eye care providers.
The hacked systems were shut down within 24 hours of the intrusion being discovered, but not before the attackers gained access to databases and patient records files. Names, birth dates, phone numbers, gender, addresses, Social Security numbers, email addresses, driver’s license numbers, medical record numbers, health insurance information, and eye care-related medical information were among the data that might have been exposed.
“The forensics investigation revealed that databases and files compromised as part of the incident did not include credit card or financial information,” as mentioned in a data breach notification letter addressed to Texas Tech University Health Sciences Center (TTUHSC) patients.
TTUHSC alleges that Eye Care Leaders notified it on April 19 of a patient data breach but that it has no proof that any patient information was ”accessed or used without authorization.” TTUHSC notified the US Department of Health and Human Services that the issue may have exposed the data of over 1.29 million of its patients.
As of June 19, the data of about 2.2 million patients was possibly affected in the Eye Care Leaders data breach, as per a list of impacted eye care providers maintained by HIPAA Journal. However, considering the vendor’s assertion of a huge number of clients, the overall number of people affected might be significantly larger.