Allied Eye Physicians and Surgeons, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Allied Eye Physicians and Surgeons, Inc. Data Breach

Allied Eye Physicians & Surgeons, Inc., based in Ohio, experienced a data breach that was reported on April 27, 2022. The breach was a result of a hacking/IT incident that affected the network server of the organization[5][11]. The total number of individuals affected by this breach was 20,651[5][11].

Nature of the Breach

The data breach involved unauthorized access to the myCare Integrity electronic medical records (EMR) system, which is a cloud-based system provided by Eye Care Leaders (ECL), a third-party service provider to Allied Eye[3][7]. The incident occurred when an unknown attacker accessed the Integrity back-end and deleted some information on December 4, 2021[3]. The outage lasted until approximately December 15, 2021, and during this time, the myCare Integrity EMR was not available due to unspecified technical issues[3].

Information Compromised

The information included in the data breach comprised full names, addresses, dates of birth, medical record numbers, health insurance information, Social Security numbers, and other personal information[1][3][7]. Allied Eye Physicians & Surgeons, Inc. did not have any evidence of harm as a result of this incident but was notifying all patients who had protected health information or personal information stored in the myCare Integrity EMR[3].

Response to the Breach

In response to the breach, Allied Eye offered affected individuals a complimentary one-year membership of Experian IdentityWorks Credit 3B to help protect their identity[3]. They also took steps to notify all affected patients via written notification and provided a contact number for those who had questions or required assistance[3].

Broader Impact

The breach at Allied Eye Physicians & Surgeons, Inc. was part of a larger cyberattack on Eye Care Leaders, which affected multiple eye care providers and exposed the protected health information of more than 3.6 million patients[8]. This cyberattack saw the attackers delete databases and system configuration files of one of Eye Care Leaders’ cloud services[4].

Legal Actions

There has been an investigation into class action personal privacy and data theft cases related to the Allied Eye data breach, as well as other breaches involving the ECL incident[9]. The Lyon Firm, among others, is actively involved in investigating data breach claims on behalf of plaintiffs in Ohio and nationwide[9].

Conclusion

The Allied Eye Physicians & Surgeons, Inc. data breach was a significant incident that compromised the sensitive personal and health information of over 20,000 individuals. The breach was part of a larger attack on the Eye Care Leaders’ myCare Integrity EMR system, which affected millions of patients across various eye care providers. Affected individuals were offered credit monitoring services, and legal investigations are ongoing to address the breach and its consequences.

Citations:

  1. https://www.msdlegal.com/blog/2022/06/allied-eye-physicians-surgeons-inc-data-breach-class-action-investigation/
  2. https://fox8.com/news/the-biggest-health-care-data-breaches-you-should-know-about-in-ohio/
  3. https://www.doj.nh.gov/consumer/security-breaches/documents/allied-eye-physicians-surgeons-20220428.pdf
  4. https://www.hipaajournal.com/april-2022-healthcare-data-breach-report/
  5. https://apps.web.maine.gov/online/aeviewer/ME/40/4caec671-645e-4e9f-ac8b-b458514641d0.shtml
  6. https://www.washingtonpost.com/national-security/interactive/2022/ukraine-road-to-war/
  7. https://compliancy-group.com/eye-care-leaders-breach/
  8. https://www.hipaajournal.com/eye-care-leaders-impacts-millions-of-patients/
  9. https://www.thelyonfirm.com/blog/allied-eye-data-breach-investigation/
  10. https://thehipaaetool.com/eye-care-ehr-system-hacked/
  11. https://www.cleveland.com/news/2023/08/these-were-the-10-biggest-healthcare-data-breaches-in-ohio-last-year.html
Breach Submission Date Apr 27, 2022
Converted Entity Name Allied Eye Physicians and Surgeons, Inc.
Converted Entity Type Healthcare Provider
State OH
Individuals Affected 20,651
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes