Hacking Incident at Cloud EHR Vendor Impacts Multiple Eye Care Practices

Eye Care Leaders, a vendor of cloud-based electronic health record and practice management solutions for eye care providers, has recently been hacked and had databases and system configuration files deleted.

According to breach notification letters sent by some of the affected practices, the breach affected Eye Care Leaders’ cloud-based myCare solution, with the hackers gaining access to the electronic medical record databases on or around December 4, 2021. The hacker then deleted the databases and system configuration files.

When the breach was detected, Eye Care Leaders immediately secured its systems to prevent further unauthorized access and launched an investigation. That investigation is ongoing and, at this stage, it is not clear to what extent, if any, patient data has been compromised; however, it is possible that patient information was viewed and/or exfiltrated prior to database deletion. The databases contained information such as patient names, dates of birth, medical record numbers, health insurance information, Social Security numbers, and information regarding care received at eye care practices.

The Durham, NC-based company claims its products are used by more than 9,000 ophthalmologists. It is currently unclear how many providers have been affected. Hermitage, TN-based Summit Eye Associates has confirmed that it has been affected by the attack and that the protected health information of 53,818 patients was potentially compromised. Kings County Public Hospital District No. 2, doing business as Evergreen Health, has also confirmed that patient data may have been compromised. The breach has been reported as affecting 20,533 individuals who received eye care services at Evergreen Health. Allied Eye Physicians & Surgeons in Ohio has confirmed that it has been affected by the breach and that the information of 20,651 individuals has been exposed.

Central Vermont Eye Care in Rutland, VT has also recently reported a hacking incident that involved its EHRs that has affected 30,000 patients, and Regional Eye Associates in West Virginia has reported a breach of its EHRs and is known to use Eye Care Leaders’ solutions, but it has not been confirmed whether these two incidents are due to the Eye Care Leaders incident or if they are unrelated.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/