Texas Retina Associates (“Texas Retina”) encountered a cyberattack that impacted over 312,000 patients. This company is the biggest ophthalmology practice with 15 practices established in Dallas, Texas. The attack involved unauthorized access to its network and possible theft of sensitive patient information. On March 27, 2024, Texas Retina Associates discovered suspicious network activity and engaged third-party cybersecurity experts to look into the incident. They reported that an unauthorized actor acquired access to its system on October 8, 2023, and continued to have access until March 27, 2024 when the breach was discovered.
Texas Retina Associates stated it did not know of any improper use of patient records, but it is sending notifications as a safety precaution since data files that contained patient information were compromised. The file analysis revealed that the compromised information included first name and last name, telephone number, address, email address, date of birth, sex, Social Security number, health record number, clinical data, prescription data, medical data, health history, and medical insurance data. These letters should give victims a listing of their data that was compromised.
The breach report was submitted to the HHS’ Office for Civil Rights indicating that up to 312,867 present and past patients were affected. According to Texas Retina Associates, its systems were secured, extra cybersecurity measures were applied, cybersecurity guidelines and procedures were improved, and further cybersecurity and HIPAA training were given to its employees. The helpline (888-498-3901) is set up for affected individuals to get more information regarding the breach. Support is available from 8 a.m. until 8 p.m. Central Time. Texas Retina Associates posted a substitute breach notice on its website, but it did not mention how the breach happened, nor did it give details of Texas Retina’s response. The notice also did not mention about any free credit monitoring or identity protection services offered to the victims.
On June 26, 2024, Texas Retina also notified the Attorney General of Texas after being sure that the private data entrusted to the organization had been hacked. Texas Retina started sending data breach notification letters to all people whose data was impacted by the recent security incident.
Photo credits: StockUp; AdobeStock
