Alex - stock.adobe.com
IA Eye Clinic Adds 543K to Eye Care Leaders Data Breach Tally
The Eye Care Leaders data breach, which has already impacted more than 2 million individuals, has also affected nearly 543K people at Iowa-based Wolfe Eye Clinic.
After a lull in new reports surrounding the Eye Care Leaders (ECL) data breach, Iowa-based Wolfe Clinic submitted a breach report to HHS and posted a notice on its website stating that 542,776 individuals connected to Wolfe were impacted by the third-party breach.
As previously reported, Eye Care Leaders, which offers an ophthalmology-specific EMR solution, suffered unauthorized access to its myCare Integrity system in December 2021. Since ECL began notifying impacted organizations of the incident in March, more than two dozen organizations have submitted individual breach reports to OCR.
The collection of breach notifications made the ECL breach one of the largest reported breaches of 2022 so far.
“This incident has affected eye care practices across the country and is not specific to Wolfe. There is no evidence of any attempted or actual misuse of any personal information,” the website notice stated.
“However, out of an abundance of caution, Wolfe is notifying, via mail, any patient whose information may have been stored on the myCare Integrity system at the time of a data security incident, and providing resources to help protect potentially affected individuals. This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Wolfe.”
Wolfe Eye Clinic has not received any reports of identity theft relating to the incident.
Berry Producer Suffers Unauthorized Access to Health Plan
Reiter Affiliated Companies (RAC), which describes itself as “the largest multi-berry producer in the world,” reported a healthcare data breach to OCR that impacted its health and welfare plans.
Reiter Affiliated Companies submitted a breach notification to OCR showing that the incident impacted 48,000 individuals. In addition, Reiter Affiliated Health and Welfare Plan submitted a separate notification that implicated 45,000 individuals in the breach.
The company detected suspicious activity on its network on July 4 that made certain systems unavailable. Further investigation revealed that an unauthorized party had obtained files stored on its network.
RAC said it immediately shut down network access and activated its incident response plan.
“We conducted a careful review of those files and identified Plan enrollment rosters containing Plan member names, Social Security numbers, and dates of birth,” the notice stated.
SERV Behavioral Health Systems Reports Breach
New Jersey-based SERV Behavioral Health System began notifying 8,110 individuals of a data breach that occurred in May 2022.
In May, SERV discovered suspicious network activity and immediately launched an investigation. The organization was unable to determine whether any information was viewed or acquired, it could not rule out the possibility.
The breach potentially included names, driver’s license and Social Security numbers, medical information, and contact information.
“The confidentiality, privacy, and security of personal information within our care is among our highest priorities, and we have strict security measures in place to protect the information in our care,” SERV stated.
“Upon learning of the event, we took additional steps to improve our security and better protect against similar incidents in the future.”