Wolfe Eye Clinic, a major eye health clinic based in Iowa, has experienced a data breach due to a cyberattack. The news comes from the clinic’s website where they dedicated a page to explain the situation. The page reads, in part, as follows:
On February 8, 2021, Wolfe Eye Clinic was the target of a cybersecurity attack that involved an unauthorized third party attempting to gain access to our computer network. Upon detecting this incident, we moved quickly to secure our network environment and launched a thorough investigation. The investigation was performed with the help of independent IT security and forensic investigators to determine the scope and extent of the potential unauthorized access to our systems and any sensitive information. Given the complexity and scale of the cyberattack detected, the full scope of information potentially impacted was not fully realized until May 28, 2021.
Officially, the third-party investigation concluded in early June, and once the data incident was fully understood, the decision was made (rightly) to inform patients. Wolfe Eye Clinic’s investigators found that an unknown threat actor accessed patient records and obtained a great deal of personal data. This data includes addresses, full names, Social Security numbers, and, in the most extreme cases, confidential medical records.
Wolfe Eye Clinic is not stating how the unnamed attacker was able to gain access to such sensitive data. As a way to mitigate the damage for patients affected, the clinic is offering “the services of IDX to provide identity monitoring, at no cost, to affected individuals for twelve (12) months to help relieve concerns and restore confidence following this incident.” All patients who were potential victims have already been notified by the clinic. Wolfe Eye Clinic is just the latest in a rash of attacks against health-care providers.
While there is no official statement showing just how the Wolfe Eye Clinic was breached or who perpetrated the cyberattack, it is clear that they had major gaps in their security protocols.
Featured image: Flickr/Robert Couse-Baker