A large number of Americans’ health data was compromised in different data breaches at two eye-care providers in the U.S, namely Simon Eye and USV Optical.
On September 14, Simon Eye Management notified the Office for Civil Rights at the U.S. Department of Health and Human Services of a cybersecurity breach. The private information of 144,000 people was stolen as a result of hacking at the eye-care company.
Unusual activities connected to some staff email accounts were noticed on or around June 8, as per Simon Eye’s statement posted on its website.
Unauthorized access to several staff email accounts was found between May 12, 2021, and May 18, 2021, according to an investigation conducted with the assistance of third-party cyber forensic experts.
Names of individuals, as well as their medical records, health insurance info, and diagnosis or treatment data may have been compromised by the breach.
Furthermore, few individuals’ dates of birth, Social Security numbers, or bank account details may have had leaked. However, no proof of data misuse was detected as a result of the hack.
The investigation indicated that the hackers attempted, but failed, to conduct money transfer and manipulation of invoices against the eye-care company.
Simon Eye is committed to maintaining the security of personal data under their management, so it had reset passwords as soon as they discovered the breach, established extra info protection measures, and launched an investigation to determine the extent of the attack.
More protections will be assessed and applied as needed by the company. Simon Eye also informed the appropriate state and federal authorities about the issue.
On the other hand, USV Optical, Inc. discovered unusual activity on its infrastructure on May 12. For about a month, hackers had access to particular USV Optical systems and databases, according to a forensic investigation.
From April 20, 2021, to May 17, 2021, it was discovered that information of 180,000 patients and staff may have been exposed and stolen by an unauthorized party.
Names of individuals, as well as their health insurance details and claims, were among the data that may have been exposed. Besides, dates of birth, addresses, and others may have been compromised for certain people, according to a notice from USV Optical.
USV Optical claimed that any proof of identity fraud or theft was not found due to the hack. Also, the company has reported the issue to appropriate federal authorities as needed.