tl;dr
Asheville Eye Associates, a North Carolina-based eye care firm, experienced a cybersecurity breach affecting 147,116 individuals. The attacker accessed personal and health information, including names, addresses, Social Security numbers, medical treatment reports, and insurance records. The breach w...
Asheville Eye Associates, a North Carolina-based ophthalmology firm, suffered a significant cybersecurity breach exposing sensitive personal and health data of 147,116 patients. The compromised data included names, addresses, Social Security numbers, medical treatment reports, and health insurance records.
The breach was initially detected on January 31, 2025, and following an extensive investigation that concluded on April 14, 2025, additional affected individuals were identified. An unknown attacker accessed the firm's network and siphoned the patient information, prompting Asheville Eye Associates to engage third-party cybersecurity specialists immediately.
In response, the firm notified impacted individuals by sending letters detailing the incident and offered free credit monitoring services to those whose Social Security numbers were exposed. Despite the scale of the breach, Asheville Eye Associates has not yet reported any cases of identity theft related to this event.
Specializing in cataract surgery, glaucoma and diabetes laser treatments, LASIK, and other eye care procedures, Asheville Eye Associates’ swift action highlights the critical importance of cybersecurity in healthcare. This incident serves as a stark reminder of the vulnerabilities faced by medical service providers and the need for robust data protection strategies.