June 30, 2021
A cybersecurity incident at an Iowa group eye clinic could have exposed the personal information of nearly 500,000 current and former patients, according to reporting by Kat Jercich in Healthcare IT News.
According to a press release, Wolfe Eye Clinic was the target of a deliberate cyberattack in February.
Because of the complexity and scale of the incident, said the company, the full scope of potentially affected data was not realized until May 28.
“We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause,” said Luke Bland, chief financial officer at Wolfe Eye Clinic, in a statement.
“We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information,” said Bland.
Wolfe Eye Clinic runs 11 main clinics across the state, in addition to nine family vision centers, a surgical center and more than 25 outreach locations.
According to the company, on February 8 an unauthorized third party tried to gain access to the company’s computer network and then blocked access to some systems and information.
After detecting the incident, said the organization, Wolfe Eye Clinic “responded immediately,” contracting the assistance of independent IT specialists and forensic investigators to investigate.
“The hackers demanded a ransom, according to the organization, which was not paid. Although it’s not clear how long the hackers had access to the information, the clinic said the full breadth of possibly exposed data was not realized until May 28. The investigation concluded on June 8,” Jercich writes.
Other Articles to Explore
Last week, Wolfe began notifying the approximately 500,000 current and former patients that their personal information may have been inappropriately accessed.
For some, that data may include their name, mailing address, date of birth and Social Security number; for others, it may also include protected medical and health information, said the company.
Wolfe Eye Clinic said it is taking steps to prevent a similar event from reoccurring by implementing additional safeguards and security measures. It is also offering identity monitoring at no cost for a year to affected individuals.
The company said that to date there have not been reports of identity theft, but that it is notifying all potentially affected individuals “out of an abundance of caution.”
