In California, Laguna Hills-based Harvard Eye Associates has been affected by a cyberattack on its online storage vendor and the protected health information (PHI) of 29,982 patients could possibly have been stolen.
The storage vendor made Harvard Eye Associates aware, on January 15, 2021, that cybercriminals had obtained access to its computer databases and stole data. While it was not known if files were encrypted to prevent access, a ransom demand was issued for the safe return of the stolen data. The storage vendor sought help from cybersecurity specialists and the Federal Bureau of Investigation and based on the advice obtained took the decision to pay the ransom.
Once the ransom was handed over, the cybercriminals returned the stolen data and provided assurances that no duplicates of the data had been created and there had been no additional disclosures. The cybersecurity specialists contracted by the security vendor have been scouring the Internet and darknet but have not found any proof that the stolen data has been sold or leaked on the Internet. An official review of the breach showed the hackers first obtained access to its computer systems on October 24, 2020.
The range of patient information that may have been stolen by the cybercriminals included patients’ names, addresses, phone numbers, email addresses, dates of birth, medical histories, health insurance information, medications, and information about treatment provided at Harvard Eye Associates.
Harvard Eye Associates acts as a billing and administrative services provider to Alicia Surgery Center in Laguna Hills and duties involve working with the types of data referred to above. Alicia Surgery Center patients were also impacted by the security incident. It remains unknown exactly how many patients of Alicia Surgery Center have been impacted.
Harvard Eye Associates and Alicia Surgery Center have offered impacted individuals free credit monitoring and identity theft protection services.