Retina Group of Washington, PLLC

The Retina Group of Washington, PLLC (RGW), a healthcare provider specializing in retinal diseases and vitreoretinal surgery, experienced a significant data breach. This incident, which took place on March 26, 2023, involved unauthorized access and acquisition of sensitive personal identifiable information and protected health information belonging to over 450,000 individuals[4]. The compromised data included names, Social Security numbers, dates of birth, driver’s licenses or other government-issued ID numbers, addresses, contact information, medical record numbers, dates of service, demographic information, health information, payment information, and insurance information[4].

RGW discovered the cyberattack when it began having difficulty accessing data in parts of its network. A subsequent investigation determined that an unauthorized third party had accessed and acquired certain information belonging to RGW patients[9]. In response to the breach, RGW took steps to secure the affected systems, initiated a privileged and confidential investigation, and reported the incident to the Federal Bureau of Investigation. Despite having numerous procedures previously in place, RGW has implemented and is continuing to implement additional procedures and security measures to further strengthen the security of its systems[11].

The breach has led to legal action against RGW. A class action lawsuit was filed, alleging negligence on the part of RGW for failing to implement adequate cybersecurity protocols and properly encrypt patient information. The lawsuit claims that the data breach was “foreseeable and preventable” and that the compromised data may have included individuals’ full names, addresses, dates of birth, email addresses, Social Security numbers, driver’s license details, and medical and health insurance information[9].

RGW has begun notifying individuals whose information may have been impacted by the breach. The organization is providing access to credit monitoring services at no charge to those affected and has advised individuals to review their account statements and credit reports for signs of fraud or unauthorized activity[4][11].

This incident is part of a larger trend of increasing healthcare data breaches, highlighting the ongoing challenges healthcare providers face in protecting sensitive patient information against cyber threats[3].

Citations:

1. https://www.rgw.com/notice-of-data-breach/
2. https://www.pacermonitor.com/public/filings/DR2VBGUQ/Boehles_v_The_Retina_Group_of_Washington__mddce-24-00020__0001.0.pdf
3. https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/
4. https://www.turkestrauss.com/2023/12/29/the-retina-group-of-washington-data-breach-investigation/
5. https://www.jdsupra.com/legalnews/us-data-breach-and-privacy-2019-12921/
6. https://colevannote.com/investigations/
7. https://www.msdlegal.com/blog/2024/01/the-retina-group-of-washington-pllc-data-breach-class-action-lawsuit-investigation/
8. https://www.ophthalmologytimes.com/clinical/retina?page=5
9. https://www.classaction.org/news/the-retina-group-of-washington-hit-with-class-action-over-march-2023-cyberattack
10. https://www.hipaajournal.com/hipaa-violation-cases/
11. https://www.mass.gov/doc/assigned-data-breach-number-31215-retina-group-of-washington-pllc/download
12. https://media.newswire.ca/forefrontmedianews.html?filter=20509&rkey=20231228NY01856
13. https://www.classaction.org/media/mccormick-v-the-retina-group-of-washington-pllc.pdf
14. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf