tl;dr
Asheville Eye Associates, a North Carolina-based optical care firm, experienced a cybersecurity breach that exposed sensitive personal and health information of 147,116 individuals. The breach involved unauthorized access to patient data, including names, addresses, Social Security numbers, medical ...
Asheville Eye Associates, a North Carolina-based optical care firm, experienced a significant cybersecurity breach exposing sensitive personal and health information of 147,116 patients. The compromised data included names, addresses, Social Security numbers, medical treatment reports, and health insurance records.
The breach was detected on January 31, 2025, when unauthorized access to the firm's network was discovered and stopped. A thorough investigation, which concluded on April 14, 2025, revealed additional impacted individuals beyond the initial count. The firm promptly notified those affected and is offering free credit monitoring services to patients whose Social Security numbers were exposed.
Despite the severity of the incident, Asheville Eye Associates reports no detected cases of identity theft related to the breach so far. The firm specializes in ophthalmology services, including cataract surgery, laser surgery for glaucoma and diabetes, LASIK, and other treatments for eye disorders.
The company engaged third-party cybersecurity specialists to secure its network and investigate the breach, emphasizing its commitment to patient privacy and data security in the wake of this incident.