US optometry provider Simon Eye hit by data breach impacting 144,000 patients | The Daily Swig

Adam Bannister 21 September 2021 at 11:02 UTC
Updated: 21 September 2021 at 11:36 UTC

Compromise of employee mailboxes may have exposed sensitive medical data

 

Simon Eye, a US chain of optometry clinics, has reported a data breach potentially impacting more than 144,000 individuals.

The possible compromise of sensitive personal data arose from unauthorized access to employee email accounts over a seven-day period from May 12 to 18, 2021, according to a data breach notice on the Simon Eye website.

Simon Eye said the attackers “attempted to engage in wire transfer and invoice manipulation attacks against the company, none of which were successful”.

 

However, a review of the breached mailboxes’ contents revealed that patients’ names, medical histories, treatment and diagnosis information, health insurance policy and/or subscriber information, and insurance application and/or claims information may have been exposed.

A subset of individuals may have also had their Social Security numbers, dates of birth, and/or financial account information exposed.

“Importantly, to date, we have no evidence of any misuse of any data as a result of this incident,” said Simon Eye.

Incident response

The eyecare provider, which has 10 clinics around Delaware, said it first became aware of suspicious activity on internal email accounts “on or about June 8”.

Simon Eye said it “immediately reset user passwords, implemented additional data security protocols and commenced an investigation to confirm the nature and scope of the incident”.

It added: “We will continue to evaluate and implement additional safeguards. We are also reporting this incident to relevant state and federal regulators.”

 

The company said it would notify potentially affected individuals upon completion of a review of the potentially compromised data.

Potential victims have been advised to monitor their financial accounts, consider setting up fraud alerts or credit freezes with a credit reporting bureau, and call a helpline if they have any questions.

According to the US Department of Health and Human Services’ breach portal, Simon Eye has reported that the incident may have affected 144,373 individuals.

Simon Eye declined to comment further in response to a query from The Daily Swig.
