Harvard Eye Associates and Alicia Surgery Center, both in Laguna Hills, Calif., recently began notifying almost 30,000 patients that their protected health information was exposed in a ransomware attack on their IT vendor.
Harvard Eye Associates said its online data storage vendor alerted it of the breach on Jan. 15, according to the provider's data breach notice. Hackers accessed the vendor's computer system and stole some of Harvard Eye Associates' patient data. The cyber criminals demanded an undisclosed financial amount in return for the stolen data, which the vendor chose to pay after consulting with the FBI and cybersecurity experts.
The hackers gave back the data and told the vendor they had not disclosed any information or kept any copies of the records. Harvard Eye Associates reported the breach to HHS Feb. 8 as affecting 29,982 individuals.
Data taken by the hackers included some of Harvard Eye Associates' patient data as well as information from patients of Alicia Surgery Center in Laguna Hills. Patient health information exposed included names, addresses, birth dates, medical history and health insurance details.
The hackers also accessed data including certain personal information about current and former employees of Harvard Eye Associates as well as their family members and beneficiaries.
As a result of the incident, Harvard Eye Associates is offering free credit monitoring and identity theft protection services to any individuals affected.