SightCare, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

SightCare, Inc., an Arizona-based nonprofit optometric corporation, experienced a significant data breach that was disclosed on October 28, 2022. This breach exposed sensitive data of potentially hundreds of thousands of patients, given that SightCare serves over 500,000 patients primarily in Maricopa and Pinal counties. The unauthorized access occurred on the U.S. Vision data servers, which were compromised for nearly a month, allowing the attacker(s) to access and possibly copy countless files, many of which belonged to SightCare Inc. patients[1].

The breach was part of a larger cyberattack targeting U.S. Vision and its subsidiary USV Optical, which failed to implement adequate cybersecurity measures. This negligence led to a 27-day data breach from April 20 to May 12, 2021, affecting multiple eye care companies, including SightCare, Inc. The compromised data included a wide range of personal and health information, such as full addresses, dates of birth, Social Security numbers, medical record numbers, and health insurance information[3].

In response to the breach, affected companies, including SightCare, Inc., sent out data breach letters to all individuals whose information was compromised. These letters were sent on October 28, 2022, significantly after the breach was first discovered. SightCare Inc. and U.S. Vision have offered complimentary fraud and identity monitoring services for up to 12 months to the victims[1][5].

This incident is part of a larger trend of healthcare data breaches, which are particularly damaging due to the sensitive nature of the information involved. The breach at SightCare, Inc. was reported as one of the significant healthcare data breaches in Arizona in 2022, affecting 637,999 individuals[6][7].

Citations:

  1. https://www.idstrong.com/data-breaches/sightcare-inc-breach/
  2. https://dojmt.gov/consumer/databreach/
  3. https://www.classaction.org/news/u.s.-vision-usv-optical-failed-to-prevent-2021-data-breach-class-action-alleges
  4. https://www.mass.gov/lists/data-breach-notification-letters-october-2022
  5. https://www.jdsupra.com/legalnews/u-s-vision-inc-announces-data-breach-1577984/
  6. https://www.hipaajournal.com/october-2022-healthcare-data-breach-report/
  7. https://stacker.com/arizona/biggest-health-care-data-breaches-you-should-know-about-arizona
  8. https://www.hipaajournal.com/u-s-vision-subsidiary-and-florida-addiction-treatment-center-announce-2021-data-breaches/
  9. https://oag.ca.gov/privacy/databreach/list
  10. https://www.jdsupra.com/legalnews/black-gould-associates-inc-notifies-4485640/
Breach Submission Date Oct 28, 2022
Converted Entity Name SightCare, Inc.
Converted Entity Type Health Plan
State AZ
Individuals Affected 637,999
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes