
Hoya Optical Labs Notifies Consumers of Healthcare Ransomware Attack

Hoya Optical Labs sent notices to customers alerting them of a healthcare ransomware attack in April that exposed personally identifiable information.

Japanese company Hoya Optical Labs recently notified its US customers of an April 5th healthcare ransomware attack that may have exposed personally identifiable information (PII) including Social Security numbers and bank account information.

The attack marked the second ransomware incident for Hoya in the last two years. The vision care company is based in Japan, but the most recent ransomware attack was limited to its United States systems.

Astro Team, a known hacker organization, claimed responsibility for the attack on its blog and admitted to stealing 300 gigabytes of confidential data, according to Bloomberg. In 2019, another attack on Hoya infected 100 computers and forced the company to cease factory operations for three days.

The breach impacted over 3,000 individuals, according to the office of the Maine attorney general. In a letter to impacted individuals, Hoya wrote: “Based on our investigation, which is ongoing, your personal information may have been acquired by the attacker. We learned on April 23, 2021 that the attackers published the information they had claimed to have stolen.”

“We have expanded our outside team of experienced professionals to collect and review the data published by the attackers as thoroughly and quickly as possible.”

Although the investigation is still ongoing and the full scope of the attack is not known, it appears that Social Security numbers, payroll information, usernames and passwords to financial accounts, medical information, phone numbers, addresses, and driver’s license numbers may have been compromised.

Hoya is offering IDX identity theft protection services to all impacted individuals, including 24 months of credit monitoring and an insurance reimbursement policy up to $1 million. The letter also recommended steps that individuals can take to protect personal information, including reviewing credit reports and placing fraud alerts with the three credit bureaus.

“Immediately upon learning of the problem, we began reviewing all aspects of the incident, and taking steps to protect the systems and everyone involved. We are working closely with outside experts to address the incident properly,” the letter stated.

“We reported the incident to law enforcement. We are also reviewing and enhancing our system security, governance practices and ongoing monitoring to help prevent a recurrence of an incident like this in the future.”

Other recent breaches caused delays in care and exposed personally identifiable information and protected health information (PHI). The Mississippi Center for Advanced Medicine (MCAM) announced a December 2020 breach on its internal server that exposed Social Security numbers, prescription information, and other PII and PHI.

In addition, Wolfe Eye Clinic in Iowa faced a cyberattack that may have leaked up to half a million patients’ PII. Another report revealed that Ohio State University’s Veterans NOW program was compromised earlier this year, prior to the program shutting down altogether.

Meanwhile, St. Joseph’s/Candler, UF Health, UVM Health, and Scripps Health are all in recovery from malicious ransomware attacks that disrupted care and put increased financial burden on multiple hospital systems.
