Ransomware Attack on Arizona Optometrist

Written by

A cyber-attack on an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. 

Cyber-criminals successfully hit Cochise Eye and Laser with ransomware in January, encrypting the office's patient scheduling and billing software. 

Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers.

While the attack prevented staff from accessing certain data, a spokesperson for the office said that no signs had been found to indicate that any data theft or exfiltration had taken place.

A breach notice issued by Cochise explained: "There is no evidence that the data was taken, only that it was encrypted, and in some cases deleted, making it impossible for us to access anything in our scheduling system."

Since the attack, which occurred on January 13, 2021, Cochise has been forced to fall back on paper and pens and undertake the laborious task of rebuilding its appointment schedule. 

"Our office is still operating with paper charts, so we can continue care of our patients," said the spokesperson. "We will be using charts to rebuild our schedules.

"Everyone seen after January 1st, 2020 will be called to reschedule follow up appointments, as we have no way of knowing when they were originally scheduled." 

The optometrist's office said it planned to increase cybersecurity following the attack. 

"We have been working on implementing increased security measures, recovering data, and a new offsite backup," said Cochise.

Although no evidence has been found that data was taken, the incident is still considered a breach of protected health information and has been reported to the HHS’ Office for Civil Rights as affecting up to 100,000 patients.

Cochise Eye and Laser provides ophthalmology and optometry services in Cochise County and throughout Southeastern Arizona via two optometry clinics and a surgical office. 

The eye-care provider advised its patients to place a fraud alert on their credit file and to request and review their credit reports.  

Cochise told its customers: "We are committed to patient privacy and continued exceptional patient care. We apologize for the inconvenience and appreciate your patience with our staff as they navigate through these challenging times."

What’s hot on Infosecurity Magazine?