Getty Images/iStockphoto
Eye care company suffers 377K-record data breach
Panorama Eyecare notified more than 377,000 individuals of a data breach, more than a year after LockBit posted the company on its leak site.
Panorama Eyecare, a Fort Collins, Colo.-based eye care management company, notified 377,911 individuals of a data breach that occurred in May 2023. LockBit ransomware added Panorama Eyecare to its leak site in July 2023, claiming to have exfiltrated data from the company. Panorama did not mention LockBit in its breach notice.
In a notice provided to the Maine Attorney General’s Office, Panorama explained that on June 3, 2023, it discovered that an unauthorized party may have obtained access to Panorama’s internal network.
Further investigation determined that the unauthorized party had maintained access to Panorama’s network from May 22, 2023, to June 4, 2023. As a result, the hacker potentially accessed and removed certain files from Panorama’s network.
In May 2024, Panorama completed its thorough review of the impacted files and determined that the personal information of employees and the protected health information of patients may have been impacted.
The affected information included Social Security numbers, dates of birth, financial account information, dates of service and driver’s licenses.
“Panorama has no evidence that any of the compromised information has been misused for identity theft,” the company stated.
“Panorama reminds its employees and patients to remain vigilant in reviewing financial account statements on a regular basis for any fraudulent activity. Panorama also recommends that its patients review the explanation of benefits statements that they receive from their health insurance providers and follow up on any items not recognized.
Family Health Center experiences data breach
Family Health Center (FHC), a Federally Qualified Health Center in Michigan, notified 34,926 individuals of a data breach that occurred in January 2024. On January 25, FHC discovered a network disruption, promptly disconnected access to the network, and engaged a third-party cybersecurity firm.
Further investigation determined that an unauthorized party accessed some FHC files.
The impacted files contained employee names, addresses, health insurance information, and Social Security numbers. For patients, the impacted information included names and medical information.
In the wake of the incident, FHC said it increased data access control measures, expanded its use of multi-factor authentication, and increased monitoring for suspicious activity.
Specialty Pharmacy breach impacts 252K
AmerisourceBergen Specialty Group (ABSG), a specialty pharmacy previously associated with US Bioservices Corp. (US Bio), notified 252,000 individuals of a data breach that involved protected health information.
The information that was breached was in ABSG’s possession due to its previous affiliation with US Bio. US Bio had previously disclosed the breach, but ABSG recently issued a substitute notice to further notify customers.
Upon learning of unauthorized network activity, ABSG’s parent company took steps to contain the incident and engage cybersecurity experts. The company later learned that information had been exfiltrated.
The impacted information included names, health insurance information, Medicare and Medicaid numbers, dates of birth and treatment and prescription information. ABSG said it currently has no evidence that any of the affected information has been publicly disclosed.