Oregon Eye Specialists Reveals Data Breach Following Employee Email Compromise
A data breach involving unauthorized activity on internal email accounts has been discovered by an optometry group in the United States, according to Port Swigger.
Among the information exposed, according to Oregon Eye Specialists (which operates six clinics in and around Portland), are customers' names and one or more of the following items: their dates of birth and service dates; medical record numbers; financial account information; and names and/or policy numbers of their health insurance providers.
According to a data breach report made on October 8, the eye-care service stated that it discovered odd behavior in an email account on August 10, 2021, and that it changed account passwords and adopted additional security measures to further secure information.
Following that, according to the firm, an investigation discovered that an individual had accessed specified accounts between June 29, 2021, and August 31, 2021, according to the company's statements.
Although there is no evidence of actual or attempted misuse of information as a result of this event, the business says it is reaching out to anybody who may be affected regardless.
For possible victims, Oregon Eye Specialists offers free credit monitoring and identity protection services, and asks that they watch their credit reports, financial account statements, and explanations of benefits paperwork for unusual behavior.
Interesting patterns
Surprisingly, this is at least the fourth data hack to affect the optometry industry in the United States since June.
Most recently, two comparable disclosures occurred in September, with South Jersey eyeglasses company USV Optical revealing (PDF) a data breach involving 180,000 persons and another employee email hack at Delaware-based Simon Eye potentially affecting more than 144,000 individuals.
To date, the Wolfe Eye Clinic data breach in Iowa has posed the greatest threat to the public due to the discovery that a cyberattack exposed the personal data of up to 500,000 former and current patients, including protected medical information under certain conditions.
Personal information of around 73,000 patients was stolen in August from an optometry practice in Singapore called Eye & Retina Surgeons by a ransomware assault, according to the business' website.