- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
- Samsung's new flagship laptop rivals the MacBook Pro, and it's not just because of the display
- Email marketing is back and big social is panicking - everything you need to know
US Eye-Care Providers Report Data Breaches
The protected health information of hundreds of thousands of Americans has been exposed in two separate security incidents at eye-care providers in the United States.
Simon Eye Management reported a data breach to the Department of Health and Human Services’ Office for Civil Rights on September 14. An email hacking incident at the Delaware-based eye-care group exposed the data of 144,000 individuals.
According to a notice issued by Simon Eye, suspicious activity “related to certain employee email accounts” was observed on or about June 8. An investigation carried out with the help of third-party computer forensic specialists found that unauthorized access to some employee email accounts had occurred from May 12, 2021, to May 18, 2021.
“Our investigation revealed that the unauthorized third party attempted to engage in wire transfer and invoice manipulation attacks against the company, none of which were successful,” said the eye-care group.
Information impacted by the incident may have included names, medical histories, treatment or diagnosis information, and health insurance information. Simon Eye said that “a smaller number of individuals” may also have had their Social Security numbers, birth dates, and/or financial account information exposed.
The eye-care provider said that it had not discovered any evidence of data misuse linked to the incident.
On May 12, USV Optical, Inc., a subsidiary of U.S. Vision, Inc., noticed suspicious activity on its network. A forensic investigation confirmed that hackers were able to access certain USV Optical servers and systems for nearly a month.
It was determined that data belonging to 180,000 individuals (employees and patients) may have been accessed and possibly exfiltrated by an unauthorized individual from April 20, 2021, to May 17, 2021.
Information that could have been compromised included names, eye-care insurance information, and insurance claims information. In a security notice, USV Optical said that for some individuals, addresses, dates of birth, and/or “other individual identifiers” may also have been exposed.
“We have no evidence of any identity theft or fraud occurring as a result of this incident,” stated USV Optical, adding that they “are reporting this incident to relevant state and federal regulators as required.”
