Northwest Eye Care Professionals

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Northwest Eye Surgeons, P.C. (NES) and Sight Partners LLC, collectively referred to as NES, was a significant data privacy incident that occurred in 2020. On October 26, 2020, NES publicly announced that their computer systems had been compromised by an external hacking attempt. This cyberattack was first detected on May 1, 2020, but the intrusion was not immediately identified by NES. Upon discovering the breach, NES engaged a third-party cybersecurity firm to conduct a comprehensive investigation, which concluded on July 31, 2020. Following this, another external vendor was hired on August 7, 2020, to ascertain the specific records that were impacted by the breach.

The investigation revealed that an array of personal information might have been unlawfully accessed. This included sensitive data, although, as of the report, there was no evidence to suggest that any of the compromised information had been misused. In response to the incident, NES took steps to bolster their data security measures, including the implementation of two-factor authentication for email access, aiming to prevent future breaches.

The breach led to legal scrutiny, with the Saeed & Little Law Firm initiating an investigation into the data privacy event on behalf of affected individuals. The law firm aimed to explore the legal rights of those impacted and was prepared to file a class action lawsuit if warranted. The focus was on ensuring justice for the victims, whether the consequences they faced were minor or significant[1].

This incident underscores the critical importance of robust cybersecurity measures and the potential legal ramifications for organizations that experience data breaches. It also highlights the ongoing risks of cyberattacks and the need for continuous vigilance and improvement of data protection strategies to safeguard sensitive information.

Citations:

  1. https://legalherald.com/northwest-eye-surgeons-pc-data-privacy-incident/
  2. https://www.hipaajournal.com/hipaa-breaches/
  3. https://www.northwesteyesurgeons.com/privacy-policy/
  4. https://www.hipaajournal.com/november-week1-healthcare-data-breach-roundup/
  5. https://www.hipaaguide.net/hipaa-breaches/
  6. https://www.northwesthealth.com/privacy-practices
  7. https://networkassured.com/compliance/worst-healthcare-data-breaches/
  8. https://www.cbsnews.com/detroit/news/corewell-health-security-breach-priority-welltok-inc-information-concerns/
  9. https://www.hipaajournal.com/hipaa-violation-cases/
  10. https://oag.ca.gov/system/files/ELN-14255%20Harvey%20Abraham%20Fishman%20Ad%201yr%20r1prf.pdf
  11. https://www.nwaonline.com/news/2022/dec/30/nashville-hospital-hit-by-data-breach/
  12. https://news.blueshieldca.com/cybersecurity-attack-on-vendors-files-may-have-impacted-blue-shield-of-california-member-data
  13. https://compliancy-group.com/october-healthcare-breaches/
  14. https://www.identityforce.com/blog/2020-data-breaches
  15. https://www.justice.gov/opa/pr/eye-surgery-practices-agree-pay-1-million-and-end-discriminatory-policies-towards-people
  16. https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/
  17. https://www.compliancejunction.com/northwestern-memorial-hospital-apex-laboratory-five-points-eye-care/
Breach Submission Date Nov 22, 2023
Converted Entity Name Northwest Eye Care Professionals
Converted Entity Type Healthcare Provider
State OR
Individuals Affected 950
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes