Northern Eye Care Associates, P.C.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Northern Eye Care Associates, P.C., located in Michigan, was one of the numerous eye care providers affected by a significant data breach involving Eye Care Leaders (ECL), a provider of electronic health records (EHR) and practice management software solutions specifically designed for ophthalmology and optometry practices. This breach was part of a larger incident that impacted over 2 million individuals across various organizations.
The breach at Eye Care Leaders occurred in December 2021 when unauthorized access to its myCare Integrity system was detected. This system is an ophthalmology-specific EHR solution offered by ECL. The attackers managed to access and potentially compromise a wide range of patient information, including names, phone numbers, addresses, emails, gender, birth dates, driver’s license numbers, health insurance information, appointment information, medical record numbers, Social Security numbers, and medical information relating to ophthalmology services. Although there was no conclusive evidence that the records were exfiltrated or used by unauthorized individuals, the possibility could not be definitively ruled out due to insufficient log files[2].
Northern Eye Care Associates was specifically impacted by this breach, with approximately 8,000 of its patients potentially affected[2][5]. The breach notification from Northern Eye Care Associates highlighted the potential breach of protected health information (PHI) but mentioned that ECL’s forensic team did not find evidence that PHI was acquired or exfiltrated. However, they could not definitively rule out that possibility[1].
This incident is part of a larger pattern of breaches involving Eye Care Leaders, which has faced multiple lawsuits regarding its handling of the breach. Plaintiffs have alleged a lack of transparency, business disruptions, and reputational harm due to the breach[2]. The breach has raised significant concerns about the security of patient information in the healthcare sector, especially among providers utilizing third-party vendors for EHR and practice management solutions.
In response to the breach, affected organizations, including Northern Eye Care Associates, have likely taken steps to enhance their cybersecurity measures and mitigate the risk of future incidents. Patients affected by the breach have been advised to remain vigilant for signs of identity theft or fraud and to consider measures to protect their personal information.
Citations:
- https://www.northerneyecareassociates.com/notice-of-potential-breach-of-phi-2/
- https://healthitsecurity.com/news/eye-care-leaders-emr-data-breach-tally-surpasses-2-million
- https://compliancy-group.com/eye-care-leaders-breach/
- https://www.jdsupra.com/legalnews/texas-tech-university-health-science-3650638/
- https://www.hipaajournal.com/eye-care-leaders-impacts-millions-of-patients/
- https://www.scmagazine.com/analysis/another-1-3m-patients-added-to-data-breach-tally-of-ransomware-attack-on-eye-care-leaders
- https://www.ironmountaindailynews.com/news/local-news/2022/05/northern-eye-care-notified-of-data-breach-with-it-vendor/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.govinfosecurity.com/victim-list-in-ehr-vendor-hack-grows-as-new-details-emerge-a-19100
- https://www.northerneyecareassociates.com
- https://healthitsecurity.com/news/eye-care-leaders-emr-breach-impacts-at-least-342k-individuals
- https://blogs.protectedharbor.com/eye-care-leaders-data-breach-caused-by-cloud-ehr-vendor-dont-be-the-next/
- https://www.netsec.news/eye-care-ehr-vendor-hack-impacts-multiple-ophthalmology-practices/