Asheville Eye Associates reports data breach exposing 193K people
Learn More
Asheville Eye Associates is reporting a data breach, disclosing a cybersecurity incident that affected 193,306 individuals. The ransomware group DragonForce claimed responsibility for the attack, stating they exfiltrated approximately 540GB of data from the medical provider's servers.
Asheville Eye Associates, is an ophthalmology and optometry practice based in Asheville, North Carolina. The practice provides advanced eye care services, including cataract surgery, LASIK, glaucoma treatment, retina care, and routine eye exams.
The breach involved unauthorized access to a network server, though it remains unclear whether the compromise occurred directly at Asheville Eye Associates or through a third-party vendor. The stolen data includes:
- Patient Information:
- Names
- Email addresses
- Birth dates
- Social Security numbers
- Patient account numbers
- Diagnosis information
- Diagnostic images
- Health insurance information
- Payment details for medical services
- Employee Information:
- Names and addresses
- Phone numbers
- Spouse names
- Driver's licenses
- Passport information
- Social Security numbers
- Professional credentials
- HR documents
The company is sending out data breach notification letters providing specific details about their compromised information and steps for protection against potential fraud.
