Alex - stock.adobe.com

Eye Care Leaders EMR Breach Impacts 1.5M+

Eye Care Leaders suffered unauthorized access to its myCare Integrity EMR offering, impacting at least eight eye care providers and hundreds of thousands of individuals.

Eye Care Leaders, which offers an ophthalmology-specific EMR solution, experienced unauthorized access to its myCare Integrity system in December 2021.

Since notifying impacted eye care practices on March 1, practices have begun notifying impacted individuals of the third-party breach, which impacted at least eight known organizations and 342,000 individuals.

The myCare Integrity EMR offering is a cloud-based system designed to improve workflow and built exclusively for eye care practitioners.

According to notices provided to impacted patients, Eye Care Leaders experienced a data security incident in which an unauthorized party accessed the EMR system and deleted databases and system configuration files.

The breach did not involve any unauthorized access to the impacted practices’ internal systems.”

Summit Eye Associates said the breach impacted up to 54,000 of its patients and began mailing notification letters in late April. The Tennessee-based practice said it was in the process of terminating its vendor relationship with Eye Care Leaders.

As previously reported, EvergreenHealth was also implicated in the breach. The Washington-based health system, which operates in the Seattle metropolitan area, notified 21,000 individuals of the incident.

“EvergreenHealth is examining its vendor relationship with Eye Care Leaders and evaluating their security safeguards,” the health system stated in its notice to patients.

At Regional Eye Associates in Morgantown, West Virginia, 194,035 patients who received services at the practice before December 5, 2021, were impacted by a third-party EMR breach, but Eye Care Leaders was not named in the notice.

The investigation is ongoing, and Regional Eye Associates said it was working closely with the vendor to investigate the incident. The description of the incident matches that of other Eye Care Leaders breach notices. 

“To protect against such breaches in the future, our vendor has implemented technical, administrative, and physical safeguards to protect against future attacks,” the website notice stated.

“This includes reviewing and updating access controls, permissions, and data storage security procedures."

Below is a running list of known eye care practices that reported the incident to the Office for Civil Rights as of June 29:

  • Texas Tech University Health Sciences Center: 1,290,104 individuals impacted
  • Lori A. Harkins, MD, dba Harkins Eye Clinic: 23,993 individuals impacted
  • Chesapeake Eye Center: 32,770 individuals impacted
  • McCoy Vision Center: 33,930 individuals impacted
  • Precision Eye Care (MO): 58,462 individuals impacted
  • Summit Eye Associates: 54,000 individuals impacted
  • Frank Eye Center: 26,333 individuals impacted
  • Allied Eye Physicians and Surgeons: 20,651 individuals impacted
  • EvergreenHealth: 21,000 individuals impacted
  • Arkfeld, Parson, and Goldstein, P.C. doing business as ilumin: 14,984 individuals impacted
  • Northern Eye Care Associates: 8,000 individuals impacted
  • Ad Astra Eye: 3,700 individuals impacted
  • Regional Eye Associates: 194,035 individuals impacted
  • Moyes Eye Center: 38,000 individuals impacted
  • Burman & Zuckerbrod Ophthalmology Associates: 1,337 individuals impacted
  • Shoreline Eye Group: 57,047 individuals impacted
  • Finkelstein Eye Associates: 58,587 individuals impacted
  • Sylvester Eye Care: 19,377 individuals impacted
  • Associated Ophthalmologists of Kansas City: 13,461 individuals impacted
  • Fishman vision: 2,646 individuals impacted
  • AU Health: 50,631 individuals impacted
  • Cherry Creek Eye Physicians and Surgeons: 17,732 individuals impacted
  • Sharper Vision (KS): 6,891 individuals impacted
  • Carolina Eyecare Physicians: 68,739 individuals impacted

*This story will be updated as more information becomes available. 

Next Steps

Dig Deeper on Healthcare data breaches