U.S. Vision Subsidiary Announces Hacking Incident Impacting 180,000 Persons

USV Optical Inc., a U.S. Vision Inc. subsidiary, has reported that unauthorized people have acquired access to some servers and systems that contained patients’ protected health information (PHI). The data breach was discovered on May 12, 2021, with the following forensic investigation affirming that the attackers got access to its systems for nearly a month between April 20, 2021 and May 17, 2021, during which its systems were made secure.

Third-party computer forensics experts are still investigating the breach to find out the full scope and extent of the attack, however, have come to the conclusion that unauthorized persons possibly accessed and exfiltrated patient information during the attack.

It was confirmed that these types of personnel and patient information were compromised: Names of patients, eyecare insurance data, and eyecare insurance application and/or claims details. A part of the people may likewise have had this information exposed: Address, birth date, and/or other personal identifiers. There is no report received thus far of any instances of attempted or actual improper use of personal data and PHI due to the security incident.

The data breach was already reported to the Department of Health and Human Services’ Office for Civil Rights as impacting 180,000 people. The healthcare provider is sending breach notifications to those persons together with instructions on steps to do by breach victims to secure their identities, in case they consider those steps to be suitable.

USV Optical stated it worked hard to check and respond to the incident and is presently working to determine and inform possibly affected individuals. An analysis is being done of guidelines associated with data protection and these are going to be improved to better secure patient information.

This is the second big data breach that an eye care provider reported in the last couple of days. Simon Eye Management lately announced that it encountered an email security breach wherein the PHI of 144,000 people was compromised.