Hackers hit 2 eye care groups; Data breaches at Simon Eye and USV Optical affect 324,000 people
Two groups of eye care providers were affected by data breaches affecting a total of 324,000 people.
A breach at Simon Eye management in Delaware was reported to the Department of Health and Human Services civil rights office on September 14. More than 144,000 people have been affected by the hacking incident involving an email.
According to an opinion from Simon Eye, “Our investigation revealed that the unauthorized third party attempted to engage in wire transfer and bill manipulation attacks against the company, but none were successful.”
The other violation, at USV Optical Inc., a New Jersey-based subsidiary of US Vision, was reported to the HHS Office for Civil Rights on September 3. The hacking incident involving a network server affected 180,000 people.
Read the opinions of eye care providers:
Simon Eye Management (“Simon Eye”) recently became aware of suspicious activity related to certain employee email accounts. With the help of third-party computer forensics specialists, we took immediate action to contain the incident and investigate the nature and extent of the incident. Simon Eye is issuing this advisory to provide additional details on what is known about the incident, the actions we are taking in response, and the actions potentially affected persons can take, if they deem it appropriate.
On or around June 8, 2021, Simon Eye initially became aware of suspicious activity related to certain employee email accounts. We immediately launched an investigation with the help of third-party specialists to determine the nature and extent of the activity. This investigation determined that there had been unauthorized access to certain employee email accounts from May 12, 2021 to May 18, 2021. Our investigation revealed that the unauthorized third party attempted to engage in wire transfer attacks. banking and invoice manipulation against the company, none of which was successful. However, since the unauthorized third party was able to access some employee email accounts during this time, we examined the entire contents of those mailboxes to determine if any personal information could have been accessed. To be clear, Simon Eye has found no evidence that employee or patient information has been misused. However, out of caution, Simon Eye is providing this notice to all patients and employees whose information was in the affected mailboxes. Additionally, our internal efforts to identify contact information in order to directly inform potentially affected individuals are ongoing.
What information was involved?
Information that may have been affected by this incident could have included one or more of the following: a person’s name; medical background; information on treatment or diagnosis; health information; health insurance information, including policy and / or subscriber information; information on insurance requests and / or complaints; and for a smaller number of people, it may have included their social security number, date of birth and / or financial account information. It is important to note that to date we have no evidence of data misuse following this incident.
what are we doing?
Simon Eye takes the privacy, confidentiality and security of the information entrusted to us seriously. Upon discovery, we immediately reset user passwords, implemented additional data security protocols, and began an investigation to confirm the nature and extent of the incident. We will continue to assess and implement additional safeguards. We are also reporting this incident to relevant state and federal regulators. Additionally, once we complete the review of impacted data, we will notify potentially impacted individuals so that they can take further steps to help protect their information, if they believe it is appropriate to do so. .
What can affected people do?
While we have no evidence of identity theft or fraud as a result of this incident, we encourage those potentially affected to review the following, Steps you can take to help protect your information.
For more information.
We understand that you may have additional questions regarding this incident. Individuals can direct questions to (855) 884-8171 from 9:00 a.m. to 9:00 p.m. Eastern Time, Monday through Friday.
USV Optical, Inc., a subsidiary of US Vision, Inc., (“Vision of the United States”) recently realized potentially suspicious activity on our computer network that may have an impact on the security of certain information on these systems. Wwith the help of a third party–party computer forensics specialists, we took immediate steps for contain the incident and investigate the nature and extent of the incident. Vision of the United States publish this opinion provide additional details on what is known about the incident, the next steps we are take in reply, and the steps potentially affected people can take, if deemed appropriate.
What happened? At May 12, 2021, Vision of the United States identified potentially suspicious activity involving our servers and systems. We started to investigate the activity with the help of third parties–party computer forensic specialists for detemine the nature and extent of the incident. This investigation confirmed there was unauthorized access to certain servers and systems between April 20, 2021 and May 17, 2021. This the investigation is ongoing. However, the investigation determined that recordings related to certain customers and employees may have been seen and / or taken by an unauthorized person as a result of this incident. Therefore, Vision of the United States is notifying potentially impacted individuals that their information may have been To risk.
What information was involved? While the investigation is in progress, the information this could be impacted by this incident understands people’ Name, eye care insurance information, including policy and / or subscriber information, eye care assuredthis information on the application and / or claims, and for a smaller number of people May include address, date of birth, and / or other individual identifiers. We have no proof any identity theft or fraud arising as a result of this incident.
What is U.S. Vision Doing? We take this incident and information security to our care seriously. To discover, we initiated an investigation and took action to our systems. We worked diligently investigate and respond to this incident and keep working identify and notify potentially impacted people people. We are also review and improve existing policies relating to Data protection. We are Report this incident to the appropriate federal and state regulatory authorities, if applicable. Further away, we are notify potentially affected people so that they can take further steps to to help protect their information, should they believe it is appropriate to do so.
What can affected people do? While we have no proof identity theft or fraud occurring as result of this incident, we to encourage everyone to review below, Steps You Can Take To Help Protect Your informations.
For more information. We understand that you may have additional questions regarding this incident. Individuals can address their questions to the telephone number 866–435–7111, during working hours: Monday to Friday from 8:30 a.m. to 10:00 p.m. HEY and Saturday from 9:00 a.m. in the morning at 5:30 a.m. afternoon HEY.