What happened to CEI Vision Partners?

CEI Vision Partners, a network of more than 300 ophthalmologists and 700 optometrists across the United States, experienced a data breach that exposed patient information. The company detected unauthorized access to its computer network on May 26, 2024.

When did the CEI Vision Partners data breach occur?

The investigation confirmed that a threat actor had access to CEI Vision Partners' network between May 24, 2024, and May 27, 2024, and potentially obtained files containing patient information.

When were patients notified about the CEI Vision Partners breach?

Despite the breach occurring in May 2024, CEI Vision Partners did not begin notifying affected individuals until August 18, 2025, representing a delay of over 15 months between the incident and patient notification.

What type of organization is CEI Vision Partners?

CEI Vision Partners is a large network of eye care professionals consisting of more than 300 ophthalmologists and 700 optometrists operating across the United States.

What patient information was exposed in the CEI Vision Partners breach?

The exposed data includes names, birth dates, Social Security numbers, financial account information, health insurance information, limited clinical information, and contact details.

Has CEI Vision Partners disclosed how many patients were affected?

No, the number of affected individuals has not been disclosed by CEI Vision Partners. The nature of the attack has also not been disclosed.

Why was there such a long delay in notifying patients about the CEI Vision Partners breach?

It is unclear why the notification was delayed for over a year. CEI Vision Partners has not provided an explanation for the 15-month delay between detecting the breach in May 2024 and beginning patient notifications in August 2025.

How widespread is the CEI Vision Partners network?

CEI Vision Partners operates a extensive network across the United States with more than 300 ophthalmologists and 700 optometrists, making it a significant eye care provider network that could potentially affect a large number of patients.

What types of medical information were compromised in the CEI Vision Partners breach?

The breach exposed limited clinical information along with health insurance information. As an eye care provider network, this likely includes vision and eye health records, though the specific medical details have not been disclosed.

Has CEI Vision Partners disclosed the nature of the cyberattack?

No, CEI Vision Partners has not disclosed the nature of the attack or how the threat actor gained unauthorized access to their computer network.

What makes the CEI Vision Partners breach notification delay significant?

The 15-month delay between breach detection (May 2024) and patient notification (August 2025) is highly unusual and potentially problematic, as healthcare data breach notification laws typically require much faster disclosure to affected individuals.

What financial information was exposed in the CEI Vision Partners breach?

The breach exposed financial account information along with other sensitive data, though the specific details about what types of financial information were compromised have not been disclosed.

How long did the threat actor have access to CEI Vision Partners' systems?

According to the investigation, the threat actor had access to CEI Vision Partners' network for approximately three days, between May 24, 2024, and May 27, 2024.

What should patients do if they were affected by the CEI Vision Partners breach?

Affected patients should watch for notification letters being mailed by CEI Vision Partners and take advantage of the complimentary 12-month credit monitoring and identity theft protection services being offered. Given the exposure of Social Security numbers and financial information, patients should also monitor their credit reports and financial accounts for suspicious activity.

Incident

CEI Vision Partners reports data breach affecting patient information

Q: What services is CEI Vision Partners offering to affected patients?

Notification letters are being mailed to affected individuals, who have been offered complimentary 12-month credit monitoring and identity theft protection services.

published: Aug. 19, 2025

Learn More

CEI Vision Partners, a network of more than 300 ophthalmologists and 700 optometrists across the United States, is reporting a data breach that exposed patient information.

The company detected unauthorized access to its computer network on May 26, 2024. The investigation confirmed that a threat actor had access to its network between May 24, 2024, and May 27, 2024, and potentially obtained files containing patient information.

Despite the breach occurring in May 2024, CEI Vision Partners did not begin notifying affected individuals until August 18, 2025.

Exposed data includes:

Names
Birth dates
Social Security numbers
Financial account information
Health insurance information
Limited clinical information
Contact details

The number of affected individuals and the nature of the attack is not disclosed. It's also unclear why the notification was delayed for over a year.

Notification letters are being mailed to the affected individuals, who have been offered complimentary 12 month credit monitoring and identity theft protection services.

CEI Vision Partners reports data breach affecting patient information

Read More
MNA Healthcare exposes sensitive information of medical professionals
Guam Seventh-Day Adventist Clinic reports data breach
Westchester Medical Center Network impacted by cyberattack, diverts …
Idaho health system Kootenai Health reports cyberattack, data …
Black Hills Regional Eye Institute reports ransomware attack