Getty Images

Eye Care Leaders Data Breach Impacts 15K at Oklahoma Eye Care Practice

The Eye Care Leaders data breach tally continues to grow nearly one year after the incident was first discovered.

Oklahoma-based Massengale Eye Care was the latest eye care practice to report impacts from the Eye Care Leaders (ECL) data breach. As previously reported, Eye Care Leaders, which offers an ophthalmology-specific EMR solution, suffered unauthorized access to its myCare Integrity system in December 2021.

Since then, eye care practices have been submitting breach reports to HHS, and the breach has impacted more than 2 million people in total. Massengale Eye Care added 15,000 to the total breach tally.

“This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Massengale Eye Care,” the practice noted.

There was no concrete evidence that the unauthorized actor accessed Massengale Eye Care data, but ECL could not rule out the possibility. Massengale Eye Care said that it has not received any reports of identity theft relating to the incident.

“Although this incident was completely out of Massengale Eye Care’s control, we sincerely regret any inconvenience or concern that this matter may cause, and remain dedicated to ensuring the privacy and security of all information in our control,” the notice stated.

Telehealth Vendor Suffers Years-Long Breach From Third-Party Tool

MDLIVE Medical Group, a telehealth vendor, notified 7,439 individuals of a data breach that stemmed from its use of a third-party analytics tool within a patient portal.

“The purpose of this analytics activity and use of the tool was to better understand how patients navigate the portal in order to improve patient interactions on the portal, making it function better for our patients with a view towards improved access to and quality of care,” the notice explained.

“When this analytics tool was originally configured, it was inadvertently turned on to monitor activity on the patient login page of the MDLIVE portal.”

As a result, MDLIVE discovered that data entered on the portal between June 2019 and August 2022 were captured by the third-party tool.

“Based on the way the tool works, that information would then have been accessible to (although not necessarily viewed by) the third-party owner of the tool,” the notice explained.

MDLIVE usernames and passwords, along with birth dates. No health information or financial information was impacted. MDLIVE said it permanently discontinued all analytics activity on its login page and prompted password resets on its portal.

MDLIVE did not specify what analytics tool it was using, but similar incidents have been reported relating to Meta tracking pixels.

Wenco Management Health Plan Breach Impacts 20K

Wenco Management, which operates the fast food chain Wendy’s, suffered a data breach that impacted its health plan. Wenco informed 20,526 individuals of the breach, which was first identified in August 2022.

Further investigation revealed that an unauthorized actor gained access to Wenco’s systems and accessed enrollment records pertaining to participants in Wenco’s employer-sponsored health plan. The records contained names, Social Security numbers, and plan selection information.

Wenco Management offered credit monitoring services to impacted individuals.

“To help prevent something like this from happening again, we are enhancing our existing security measures,” Wenco Management stated.

Next Steps

Dig Deeper on Healthcare data breaches