EyeCare Partners Reports Data Breac Through Email Compromise

EyeCare Partners (ECP), a St. Louis-based healthcare provider reports a data breach involving unauthorized access to its email systems. 

An attacker gained access to several ECP-managed email accounts over a period of nearly eight weeks starting from rom December 3, 2024 until January 28, 2025. 

The compromised data includes:

• Full names and home addresses
• Social Security numbers
• Dates of birth
• Driver’s license or government identification numbers
• Health plan information
• Limited clinical information

The number of affected individuals is not disclosed. The organization is offering 24 months of free credit monitoring and identity theft protection. Notification letters were mailed to victims starting February 3, 2026. 

It's not clear why the company waited for over a year to report the incident.