A data breach at US healthcare provider Wolfe Eye Clinic has potentially exposed the personal data of half a million past and present patients, including protected medical information in some cases.
In a security advisory released yesterday (June 22), the clinic said it had been the target of a “cyber-attack”, but did not release further details about the system compromise.
The incident happened on February 8, 2021, said the organization, but “given the complexity and scale of the cyber-attack detected, the full scope of information potentially impacted was not fully realized until May 28, 2021.”
Wolfe Eye Clinic, based in Iowa, is now in the process of notifying the 500,000 individuals whose personal data may be at risk.
For some, this information may include their name, mailing address, date of birth, and Social Security number – for others it could also include protected medical and health information.
The advisory reads: “We take the security of all information in our control very seriously. Given this, we are taking steps to prevent a similar event from occurring in the future by implementing additional safeguards and enhanced security measures to better protect the privacy and security of information in our systems.
“Out of an abundance of caution, we are also notifying all potentially affected individuals and have begun mailing letters to everyone whose information may have been compromised because of this incident.”
Wolfe Eye Clinic is also offering free credit monitoring services for 12 months to all affected patients.
“Please know that the protection and security of your personal information is our highest priority, and we sincerely regret any concern or inconvenience this matter may cause you,” it added.
Source: https://portswigger.net/daily-swig/data-breach-at-us-eye-clinic-impacting-500-000-patients-potentially-exposed-private-medical-information