Summit Eye & Optical

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Summit Eye & Optical, located in New Jersey, experienced a significant data breach that was first discovered on March 4, 2023. The breach involved unauthorized access to the organization’s computer systems, potentially exposing sensitive personal identifiable information of its patients. The types of information that may have been compromised include dates of birth, prescription information, diagnosis information, treatment information, treatment providers, health insurance information, and medical information[1][3].

Following the discovery of the breach, Summit Eye & Optical took steps to address the incident, including initiating an investigation to understand the extent of the breach and the information that was potentially accessed. Despite the investigation, as of the date of the notices, there was no evidence found of actual or attempted misuse of the data involved in the breach[3].

To mitigate the impact on potentially affected individuals, Summit Eye & Optical began mailing written notices on May 18, 2023, to those for whom it had contact information. The organization also encouraged individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their credit reports for suspicious activity. Additionally, Summit provided information on how individuals could order a free credit report and placed an emphasis on the importance of placing fraud alerts or security freezes on their credit files as precautionary measures[3].

The breach has attracted legal attention, with the law firm Federman & Sherwood initiating an investigation into Summit Eye & Optical regarding the data breach. The investigation aims to understand the circumstances surrounding the unauthorized access and the potential impact on affected patients. The information exposed in the breach includes names, addresses, Social Security numbers, driver’s license numbers, financial information, medical information, and health insurance information[5].

This incident underscores the importance of robust cybersecurity measures, especially for healthcare providers who handle a significant amount of sensitive personal and medical information. It also highlights the need for timely and transparent communication with affected individuals to help them take appropriate steps to protect themselves from potential identity theft and fraud[3][5].

Citations:

  1. https://www.turkestrauss.com/2023/06/09/summit-eye-optical-data-breach-investigation/
  2. https://www.jnj.com
  3. https://www.prnewswire.com/news-releases/summit-eye–optical-provides-notice-of-data-incident-301836020.html
  4. https://www.oakley.com/en-us
  5. https://www.businesswire.com/news/home/20230608005786/en/Federman-Sherwood-Investigates-Summit-Eye-Optical-for-Data-Breach
  6. https://www.metlife.com
  7. https://www.doj.nh.gov/consumer/security-breaches/documents/summit-eye-optical-20230530.pdf
  8. https://www.politico.com/newsletters/playbook/2024/02/19/house-inaction-captures-world-attention-00142091
  9. https://healthitsecurity.com/news/utah-health-system-suffers-healthcare-data-breach-103k-impacted
  10. https://www.politico.com/news/magazine/2024/02/11/biden-age-strategy-00140777
  11. https://www.govinfosecurity.com/cloud-based-ehr-vendor-hack-affects-eye-care-practices-a-19066
  12. https://www.aetna.com
  13. https://www.csidb.net/csidb/incidents/e2d9e3f0-45c4-40de-a362-2aca9886b3e1/
  14. https://www.cbsnews.com/minnesota/news/long-after-tragic-mysteries-are-solved-families-of-native-american-victims-are-kept-in-the-dark/
  15. https://www.hipaajournal.com/peachtree-orthopedics-suffers-data-theft-and-extortion-incident/
  16. https://www.koin.com/news/portland/inspiration-friends-remember-portland-chef-lauro-romero/
Breach Submission Date May 01, 2023
Converted Entity Name Summit Eye & Optical
Converted Entity Type Healthcare Provider
State NJ
Individuals Affected 5,727
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes