UH College of Optometry and Valley Mountain Regional Center Report Data Breaches

The University of Houston College of Optometry has found out that an unauthorized person not from the United States acquired access to an affiliated eye clinic’s networks and stole data included in the database of the clinic.

The Community Eye Clinic based in Fort Worth, TX, is managed by UH College of Optometry. The security team discovered the attack on September 13, 2021, a day after the breach happened. The IT security team promptly took action to protect the system, implemented additional defensive safety measures to better secure patient information, and enhanced its monitoring and notifications. The security team also reviewed the clinic’s IT guidelines and procedures to make sure that industry-standard protocols are implemented.

The attacker obtained files associated with patients who got services at the Community Eye Clinic from May 22, 2013, to September 13, 2021. The information in the database included names, birth dates, contact details, government ID numbers, medical insurance data, Social Security numbers, passport numbers, driver’s license numbers, diagnosis, and treatment details. There was no financial data kept in the database and the attack did not affect the University of Houston or College of Optometry network systems.

The 18,500 impacted persons were instructed to keep track of their explanation of benefits statements and account for hints of fraudulent transaction, to review their credit reports, and to put a security fraud notifier on their credit reports.

17,197 Patients Affected by Valley Mountain Regional Center Phishing Attack

Valley Mountain Regional Center (VMRC) based in Stockton, CA has begun informing 17,197 patients that unauthorized individuals accessed some of their protected health information (PHI) located in breached email accounts.

VMRC found phishing emails in its inboxes on September 15, 2021, and removed all the messages from its email accounts; nevertheless, the following investigation of the phishing attack showed that 14 workers had clicked the hyperlinks and shared credentials that permitted access to their email accounts.

A thorough analysis of the contents of the impacted inboxes affirmed they included names, addresses, birth dates, state-given client identifier numbers, phone numbers, individual e-mail addresses, diagnoses, prescription drugs, dates of service, and other unique identifiers.

VMRC stated no proof was found that suggests the attacker accessed, obtained, or misused any data in the email accounts; nevertheless, impacted individuals were instructed to keep track of their accounts and credit reports for strange transactions.