Tt has been revealed that the University of Houston College of Optometry had its databases infiltrated when an unauthorized person obtained access to the network of an affiliated eye clinic and stole information that was being held in the clinic’s database.
The access took place at a location outside of the United States. UH College of Optometry operates the Community Eye Clinic located in Fort Worth, TX. It was here that security experts discovered the unpermitted access at 9 a.m. on September 13, 2021. This was the morning after the breach occurred and the cybersecurity team moved quickly to secure the system, additional security measures have also been put in place to ensure patient data is properly secured. There has also been an audit of the clinic’s IT protocols and procedures to spot any possible vulnerabilities.
Files accessed by the hacker were connected to to patients who attended the Community Eye Clinic at some point between May 22 and September 13, 2021. The data that was being held incorporated names, dates of birth, contact information, government ID numbers, health insurance information, passport numbers, Social Security numbers, driver’s license information, and diagnosis and treatment details. No financial data was being held on the College of Optometry or University of Houston databases that were infiltrated.
A warning has been issued to the 18,500 impacted to remind them to keep a close eye on their accounts and explanation of benefits statements for any indication of fraudulent activity.
Elsewhere a Stockton, California-based Valley Mountain Regional Center (VMRC) has begun issuing breach notification to 17,197 patients to inform them that a portion of their protected health information may have been infiltrated by unauthorized people.
VMRC discovered phishing emails in staff email inboxes on September 15, 2021, and implemented measures to delete all copies of the messages discovered on its email database; however, the investigation into the breach showed that 14 members of staff had visited the URLs and handed over details credentials which permitted their email accounts to be accessed.
An in-depth review review of the contents of the impacted inboxes showed that they included names, address details, birth dates, state-issued client identifier numbers, telephone contact details, personal emails, diagnoses, medications, other potential unique identifiers, and appointment dates.
VMRC said it found nothing to suggest that any data in the email accounts was stolen or improperly used; however, impacted people have been warned to keep a close eye on the accounts for any indication of anything suspicious taking place.