Eye Care Leaders EMR Data Breach Tally Surpasses 2 Million

June 17, 2022 - Texas Tech University Health Sciences Center (TTUHSC) added 1.3 million to the total number of individuals impacted by the Eye Care Leaders (ECL) EMR data breach, bringing the total to over 2 million.

As previously reported, Eye Care Leaders, which offers an ophthalmology-specific EMR solution, experienced unauthorized access to its myCare Integrity system in December 2021. Since ECL began notifying impacted organizations of the breach, organizations have been steadily contributing reports to HHS’ Office for Civil Rights (OCR) data breach portal.

TTUHSC’s notice said that ECL’s compromised databases may have contained patient names, phone numbers, addresses, emails, gender, birth dates, driver’s license numbers, health insurance information, appointment information, medical record numbers, Social Security numbers, and medical information relating to ophthalmology services.

“Although no evidence could be found that such records were exfiltrated or used by unauthorized individuals, the possibility could not be definitively ruled out due to insufficient log files,” the notice explained.

In addition to TTUHSC’s notice, McCoy Vision Center, Harkins Eye Clinic, Precision Eye Care, and Chesapeake Eye Center all reported the incident to OCR recently. There was no notice of the breach on ECL’s website at the time of publication.

As of July 6, the following organizations have reported that they were impacted by the ECL breach:

• Texas Tech University Health Sciences Center: 1,290,104 individuals impacted
• Lori A. Harkins, MD, dba Harkins Eye Clinic: 23,993 individuals impacted
• Chesapeake Eye Center: 32,770 individuals impacted
• McCoy Vision Center: 33,930 individuals impacted
• Precision Eye Care (MO): 58,462 individuals impacted
• Summit Eye Associates: 54,000 individuals impacted
• Frank Eye Center: 26,333 individuals impacted
• Allied Eye Physicians and Surgeons: 20,651 individuals impacted
• EvergreenHealth: 21,000 individuals impacted
• Arkfeld, Parson, and Goldstein, P.C. doing business as ilumin: 14,984 individuals impacted
• Northern Eye Care Associates: 8,000 individuals impacted
• Ad Astra Eye: 3,700 individuals impacted
• Regional Eye Associates: 194,035 individuals impacted
• Moyes Eye Center: 38,000 individuals impacted
• Burman & Zuckerbrod Ophthalmology Associates: 1,337 individuals impacted
• Shoreline Eye Group: 57,047 individuals impacted
• Finkelstein Eye Associates: 58,587 individuals impacted
• Sylvester Eye Care: 19,377 individuals impacted
• Associated Ophthalmologists of Kansas City: 13,461 individuals impacted
• Fishman vision: 2,646 individuals impacted
• AU Health: 50,631 individuals impacted
• Cherry Creek Eye Physicians and Surgeons: 17,732 individuals impacted
• Sharper Vision (KS): 6,891 individuals impacted
• Carolina Eyecare Physicians: 68,739 individuals impacted
• Kernersville Eye Surgeons: 13,412 individuals impacted
• Long Vision Center: 29,237 individuals impacted
• Stokes Regional Eye Centers: 266,170 individuals impacted
• Aloha Laser Vision 43,263 individuals impacted
• Center for Sight: 41,041 individuals impacted
• Mattax Neu Prater Eye Center: 92,361 individuals impacted

ECL is now facing multiple lawsuits regarding its handling of the breach, with plaintiffs alleging a lack of transparency, business disruptions, and reputational harm.