Ad Astra Eye LLC

Ad Astra Eye LLC, an eye care provider based in Kansas, experienced a significant data breach as part of a larger cybersecurity incident involving Eye Care Leaders (ECL), a third-party vendor that stores electronic patient medical records for multiple eye care providers. This breach was part of a ransomware attack on ECL’s myCare Integrity Electronic Medical Records (EMR) system, which occurred on December 4, 2021. Ad Astra Eye LLC reported to the Office for Civil Rights (OCR) on April 29, 2022, that 3,684 individuals had been affected by this breach[1][4][5].

The breach at Ad Astra Eye LLC was part of a widespread cybersecurity issue that impacted numerous eye care providers across the United States. The attack on ECL, a cloud-based, ophthalmology-specific EHR and practice management vendor, led to the compromise of a range of patient data, including names, addresses, phone numbers, email addresses, gender, dates of birth, medical record numbers, health insurance information, appointment information, and Social Security numbers[3][7]. The incident is notable for its scale, affecting over 2.2 million individuals across 28 eye care providers by the time reports were consolidated[3].

In response to the breach, Ad Astra Eye LLC took steps to notify affected patients and offered complimentary credit monitoring services to help protect their identities. The notification letter from Ad Astra Eye LLC, signed by Dr. M. Scott Hickman, outlined the nature of the breach and the measures taken by both Ad Astra Eye and ECL to address the incident. It emphasized that while there was no evidence of misuse of the information, the possibility that the third party may have accessed or acquired information stored within ECL’s myCare Integrity EMR could not be ruled out[9].

This breach is part of a larger trend of cyberattacks targeting healthcare providers and their business associates, highlighting the vulnerabilities in the healthcare sector’s cybersecurity defenses. The healthcare industry remains a prime target for cybercriminals due to the sensitive nature of the information held, underscoring the need for robust cybersecurity measures and due diligence in managing third-party vendor relationships[1][3][7].

Citations:

1. https://thehipaaetool.com/eye-care-ehr-system-hacked/
2. https://www.ksnt.com/news/local-news/480000-kansans-affected-by-medical-data-breaches/
3. https://compliancy-group.com/eye-care-leaders-breach/
4. https://www.ksn.com/news/state-regional/biggest-health-care-data-breaches-you-should-know-about-in-kansas/
5. https://www.govinfosecurity.com/victim-list-in-ehr-vendor-hack-grows-as-new-details-emerge-a-19100
6. https://www.cjonline.com/story/news/politics/government/2023/03/14/kansas-statehouse-art-to-add-ad-astra-replica-black-soldier-mural/70003101007/
7. https://www.scmagazine.com/analysis/another-1-3m-patients-added-to-data-breach-tally-of-ransomware-attack-on-eye-care-leaders
8. https://www.bizjournals.com/kansascity/news/2023/01/27/astra-enterprise-park-de-soto-sunflower-panasonic.html
9. https://www.mass.gov/doc/assigned-data-breach-number-26481-ad-astra-eye-llc/download
10. https://www.hollywoodreporter.com/news/general-news/foxs-ad-astra-bets-more-just-space-spectacle-draw-moviegoers-1241139/
11. https://www.jdsupra.com/legalnews/texas-tech-university-health-science-3650638/
12. https://www.adastraeye.com
13. https://www.mass.gov/doc/data-breach-report-2022/download