Nationwide Optometry, PC
Your Personal Info Could Be Exposed Online After This Hospital Breach
Breach Description
Nationwide Optometry, PC in Arizona was involved in a data breach that occurred due to a hacking incident at their business associate, USV Optical, a subsidiary of U.S. Vision. The breach was first detected on May 12, 2021, when suspicious activity was observed within USV Optical’s network. The unauthorized access lasted from April 20 to May 17, 2021, during which the attackers may have viewed or acquired sensitive patient data[6].
The compromised information included full names, dates of birth, addresses, Social Security numbers, taxpayer identification numbers, driver’s license numbers, financial account information, medical and treatment information, prescription medications, health insurance information, and billing and claims information. The types of information exposed varied from patient to patient[6].
A class action lawsuit alleges that U.S. Vision and USV Optical failed to implement adequate cybersecurity measures to safeguard customers’ sensitive information, which led to the data breach. The lawsuit also claims that the companies were negligent in their response to the breach and delayed notifying the affected individuals and state attorneys general[1].
The breach has been reported to the HHS’ Office for Civil Rights as affecting 637,999 SightCare members and 73,073 Nationwide Optometry patients. Affected individuals have been notified and offered complimentary credit monitoring and identity theft protection services[6].
The incident has led to actual cases of identity theft and fraud, as reported by an Arizona consumer who received eye care from Nationwide Vision when he was a minor. He discovered the identity theft and fraud after receiving a letter from the IRS: an unauthorized person had attempted to use the plaintiff’s name and taxpayer I.D. number to file a false tax return[1].
On October 28, 2022, Nationwide Optometry, SightCare, and Nationwide Vision Center sent data breach letters to all individuals whose information was compromised as a result of the breach[2]. The breach notification letters are available through various state attorney general offices, such as the Massachusetts Attorney General’s office[7].
Citations:
1. https://www.classaction.org/news/u.s.-vision-usv-optical-failed-to-prevent-2021-data-breach-class-action-alleges
2. https://www.jdsupra.com/legalnews/u-s-vision-inc-announces-data-breach-1577984/
3. https://www.hipaajournal.com/october-2022-healthcare-data-breach-report/
4. https://www.barnowlaw.com/nationwide-vision-sightcare-data-breach-investigation/
5. https://oag.ca.gov/privacy/databreach/list
6. https://www.hipaajournal.com/u-s-vision-subsidiary-and-florida-addiction-treatment-center-announce-2021-data-breaches/
7. https://www.mass.gov/lists/data-breach-notification-letters-october-2022
8. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
9. https://inspectionsada.com/ada-compliance-blog/2021/12/20/doj-sues-ophthalmology-practice-for-ada-discriminating-against-individuals-using-wheelchairs