In December 2021, the cloud-based electronic health record (EHR) Eye Care Leaders (ECL) suffered a cyberattack. Hackers gained access to the ECL myCare Integrity back-end databases hosted on AWS and deleted databases and system configuration files. ECL detected the unauthorized activity within 24 hours, contained the breach, and secured its systems. ECL immediately launched an investigation and started working on restoring the databases, many of which have now been restored; however, restoration was not possible for all databases.
ECL started notifying affected eye care practices on or around March 1, 2022. The incident is being reported to regulators by the individual practices rather than ECL, and breach reports have started to appear on the Department for Health and Human Services’ data breach portal. It is currently unclear how many ophthalmology practices have been affected in total, but so far 8 eye care practices have confirmed they have been affected and have reported the incident to the HHS’ Office for Civil Rights.
So far, the protected health information (PHI) of at least 342,000 individuals has potentially been subject to unauthorized access or has been stolen. The types of data exposed in the security breach include names, addresses, telephone numbers, birth dates, Social Security numbers, medical treatment information, and diagnosis information.
It should be noted that ECL encrypts the electronic containers on AWS where patients’ protected health information (PHI) is stored, but the database tables themselves are not encrypted at rest. ECL said it has not found any evidence that confirms the access, acquisition, or disclosure of any personal or protected health information as a result of the security breach, and no reports have been received about any attempted or actual misuse of patient data but the possibility of unauthorized access and data theft could not be ruled out.
ECL says third-party experts have been engaged to conduct a forensic investigation and additional security measures have been implemented to secure and monitor its cloud environment. Identify theft protection services are being offered to affected individuals.
Eye Care Practices Affected by the Eye Care Leaders Cyberattack
| Eye Care Providers Affected | State | Number of Records |
| Regional Eye Associates Inc. & Surgical Eye Center of Morgantown | WV | 194,035 |
| Summit Eye Associates | TN | 53,818 |
| Frank Eye Center PA | KS | 26,333 |
| Allied Eye Physicians & Surgeons Inc. | OH | 20,651 |
| King County Public Hospital District No. 2 dba Evergreen Health | WA | 20,533 |
| Arkfeld, Parson & Goldstein PC dba ilumin | NE | 14,984 |
| Northern Eye Care Associates | MI | 8,000 |
| Ad Astra Eye LLC | KS | 3,684 |