SightCare, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
SightCare, Inc., an Arizona-based nonprofit optometric corporation, experienced a significant data breach that was disclosed on October 28, 2022. This breach exposed sensitive data of potentially hundreds of thousands of patients, given that SightCare serves over 500,000 patients primarily in Maricopa and Pinal counties. The unauthorized access occurred on the U.S. Vision data servers, which were compromised for nearly a month, allowing the attacker(s) to access and possibly copy countless files, many of which belonged to SightCare Inc. patients[1].
The breach was part of a larger cyberattack targeting U.S. Vision and its subsidiary USV Optical, which failed to implement adequate cybersecurity measures. This negligence led to a 27-day data breach from April 20 to May 12, 2021, affecting multiple eye care companies, including SightCare, Inc. The compromised data included a wide range of personal and health information, such as full addresses, dates of birth, Social Security numbers, medical record numbers, and health insurance information[3].
In response to the breach, affected companies, including SightCare, Inc., sent out data breach letters to all individuals whose information was compromised. These letters were sent on October 28, 2022, significantly after the breach was first discovered. SightCare Inc. and U.S. Vision have offered complimentary fraud and identity monitoring services for up to 12 months to the victims[1][5].
This incident is part of a larger trend of healthcare data breaches, which are particularly damaging due to the sensitive nature of the information involved. The breach at SightCare, Inc. was reported as one of the significant healthcare data breaches in Arizona in 2022, affecting 637,999 individuals[6][7].
Citations:
- https://www.idstrong.com/data-breaches/sightcare-inc-breach/
- https://dojmt.gov/consumer/databreach/
- https://www.classaction.org/news/u.s.-vision-usv-optical-failed-to-prevent-2021-data-breach-class-action-alleges
- https://www.mass.gov/lists/data-breach-notification-letters-october-2022
- https://www.jdsupra.com/legalnews/u-s-vision-inc-announces-data-breach-1577984/
- https://www.hipaajournal.com/october-2022-healthcare-data-breach-report/
- https://stacker.com/arizona/biggest-health-care-data-breaches-you-should-know-about-arizona
- https://www.hipaajournal.com/u-s-vision-subsidiary-and-florida-addiction-treatment-center-announce-2021-data-breaches/
- https://oag.ca.gov/privacy/databreach/list
- https://www.jdsupra.com/legalnews/black-gould-associates-inc-notifies-4485640/