The intruder accessed compromised information, including name, address, phone numbers, health insurance information, and medical information related to eye care services – protected health information. Upon conducting a forensic exam in April, Eye Care Leaders began to notify affected providers of the bad news. Texas Tech University Health Science Center (“Texas Tech”) is the hardest-hit provider, with 1.3 million patients affected. To date, 28 eye care providers have confirmed that they have been affected. Over 2.2 million individuals have been affected by the breach. Details of the Texas Tech eyecare breach saga are provided below.
Is your organization secure? Download the free cybersecurity eBook to get tips on protecting your patient information.
Texas Tech Eyecare Breach Claims New Victims: It’s an Attack!
EMR vendor Eye Care Leaders provides patient management software solutions for over 9,000 ophthalmology and optometry practices. Eye Care’s myCare Integrity solution was hacked via a ransomware attack on December 4, 2021.
Eye Care Leaders took down the compromised systems within 24 hours after breach detection and terminated the unauthorized access, but not before the hackers accessed files and databases containing patient records.
Eye Care then conducted a forensic exam in April of 2022. Eye Care determined that the unauthorized activity compromised numerous individual identifiers, including:
- Names, addresses, and phone numbers
- Email addresses
- Dates of birth
- Medical record numbers
- Health insurance information
- Appointment information
- Social Security numbers
- Medical information related to ophthalmology services
Texas Tech then provided notification of the breach to its patients. In its breach notification letter, Texas Tech indicated that the compromised databases and files did not include credit card or financial information. As required by law, Texas Tech notified the Department of Health and Human Services (HHS) that the data of approximately 1.29 million of its patients might have been compromised in the attack.