Eye Care Leaders Holdings, LLC provides electronic medical records (EMR) or practice management software to more than 9,000 ophthalmology doctors or practices. However, the complaint alleges that the computer network was “insufficiently secured” and held unencrypted data, resulting in a data breach that exposed the personally identifiable information (PII) of patients and employees and also eye-related protected health information (PHI).
The class for this action is all persons whose private information was exposed as a result of the data breach discovered by Eye Care Leaders on or around December 4, 2021, including all persons to whom Eye Care Leaders sent a notice of the data breach.
The complaint quotes the notice of the data breach as saying that, on March 1, 2022, Eye Care Leaders “identified unauthorized access to [its] myCare Integrity data” that had occurred on or around December 4, 2021 and eventually determined that cybercriminals had had access to and “deleted databases and system configuration files” with patient information from the company’s myCare Integrity network.
On March 28, 2022, the company announced to clients that the cybercriminals may have gained unauthorized access to information including names and “one or more of the following: date of birth, medical record number, health insurance information, Social Security number, and information regarding care received…”
The notices to the individual victims whose information was exposed were dated April 27, 2022, the complaint alleges, nearly five months after Eye Care Leaders first learned of the data breach.
The complaint alleges that health care entities are a frequent target of cybercriminals because of the valuable information they store. “In fact,” the complaint alleges, “according to the cybersecurity firm Mimecast, 90% of healthcare organizations experienced cyberattacks in the past year.” The complaint thus contends that Eye Care Leaders should have anticipated and prepared for cyberattacks against its systems.
The complaint faults Eye Care Leaders for three things related to this incident:
- The company did not take adequate measures to safeguard the private information it maintained.
- It did not give the individual victims timely and adequate notice that the data breach had occurred.
- It did not tell the individual victims exactly what type of information was accessed and stolen.
According to the complaint, Eye Care Leaders did not comply with Federal Trade Commission (FTC) cybersecurity guidelines, including its updated Protecting Personal Information: A Guide for Business. The FTC has filed enforcement actions against businesses who have maintained “unreasonable” data security practices.
Also, the complaint alleges that Eye Care Leaders also did not follow industry standards for cybersecurity.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Eye Care Leaders Data Breach Complaint
June 10, 2022
Eye Care Leaders Holdings, LLC provides electronic medical records (EMR) or practice management software to more than 9,000 ophthalmology doctors or practices. However, the complaint alleges that the computer network was “insufficiently secured” and held unencrypted data, resulting in a data breach that exposed the personally identifiable information (PII) of patients and employees and also eye-related protected health information (PHI).
Eye Care Leaders Data Breach ComplaintCase Event History
Eye Care Leaders Data Breach Complaint
June 10, 2022
Eye Care Leaders Holdings, LLC provides electronic medical records (EMR) or practice management software to more than 9,000 ophthalmology doctors or practices. However, the complaint alleges that the computer network was “insufficiently secured” and held unencrypted data, resulting in a data breach that exposed the personally identifiable information (PII) of patients and employees and also eye-related protected health information (PHI).
Eye Care Leaders Data Breach Complaint