Ransomware attack compromises eyecare software provider Ocuco
Dublin, Ireland-based Ocuco Inc., a provider of eyecare software solutions, was hit by a ransomware attack that compromised sensitive patient data affecting 240,961 individuals in the United States. The company provides software and services to 6,750 client sites across 88 countries serving thousands of optical practices, clinics, and laboratories.
The ransomware attack was carried out by the cybercriminal group known as Kill Security (also referred to as "Killsec"). The incident was discovered on April 1, 2025, when the hackers claimed responsibility and posted details about the hack on a dark web site. The ransomware gang claims to have stolen more than 340 gigabytes of Ocuco's data, including 670,344 files and 26,838 folders.
The investigation revealed unauthorized access to two of the company's non-production servers, and to certain files stored there, via a vulnerability in third-party software on those systems. The exposed data includes:
- Dates of birth
- Contact information
- Health records
- Payment details
- Insurance information
The number of affected individuals globally, beyond the 240,961 reported in the United States, has not been disclosed.
Ocuco states that it is still in the process of performing a detailed review of the files that were involved in the incident to identify individuals whose information may have been contained in the files. The company has committed to starting the process of notifying relevant parties and individuals, as well as providing resources to help protect their personal information, in accordance with applicable law, as soon as this process has been completed.