Wolfe Eye Clinic, based in Iowa, suffered a cyberattack that gave hackers access to their patient files. The eye care cyberattack potentially affected 500,000 patients that had been treated by the clinic. More details are discussed below.

How Did the Eye Care Cyberattack Occur?

Eye Care Cyberattack

It was recently announced that, on February 8, 2021, Wolfe Eye Clinic discovered that an unauthorized party had gained access to their computer network. Upon discovery of the eye care cyberattack, the clinic worked quickly to secure their network, and contracted a third-party security and forensic investigator to conduct an investigation.

The investigation, which concluded on June 8, 2021, determined that 500,000 patients potentially had their protected health information accessed by the unauthorized party. Although information varied by patient, the data included names, mailing addresses, dates of birth and Social Security numbers; and for some, also included protected medical and health information.

Let’s Simplify Compliance

Cybersecurity and HIPAA compliance go hand-in-hand? Protect your business by becoming HIPAA compliant today!

Learn More!
HIPAA Seal of Compliance

Luke Bland, chief financial officer at Wolfe Eye Clinic commented on the eye care cyberattack, “We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause. We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information.”

Patients affected by the incident have received breach notification letters by mail. These patients have access to one year of complementary identity theft protection and credit monitoring.

To read Wolfe Eye Clinic’s notice, please click here.

HIPAA Compliance Reduces the Risk of Cyberattacks

Did you know that organizations that are HIPAA compliant are better protected against cyberattacks? This is because HIPAA compliance and cybersecurity go hand-in-hand. Many of the requirements set forth by the HIPAA Security Rule improve your overall cybersecurity posture.

This includes the need to:

  • Conduct an annual security risk assessment
  • Implement remediation efforts to address risk and vulnerabilities to electronic PHI
  • Implement access controls and keep audit logs
  • Implement user authentication
  • Encrypt devices that cr