Another business associate attack results in theft of patient data — Panorama Eyecare
Panorama Eyecare in Colorado is a physician-owned firm providing business associate services to vision care providers:
Earlier today, the firm was added to LockBit’s leak site with a claim that 798 GB of data had been exfiltrated from four of the firm’s clients:
- Eye Center of Northern Colorado
- Denver Eye Surgeons
- Cheyenne Eye Clinic & Surgery Center; and
- 2020 Vision Center
LockBit posted a number of screencaps as proof of claims and a number of them revealed patient information. Of the four entities/clients named by LockBit in the post, DataBreaches did not see any screencaps with patient data from either the Cheyenne Eye Clinic or the 2020 Vision Center, but “CEC” was a folder in a drive that LockBit claimed to have accessed. Skynet was also a folder on that drive, but LockBit made no claims about them.
Because some affiliates may lock and exfiltrate while others may skip the encryption and just exfiltrate data, it is not clear what happened in this case yet. None of the entities have posted any notices on their websites or issued any statements addressing the claimed attack as yet.
DataBreaches has sent inquiries to Panorama Eyecare, the Eye Center of Northern Colorado, Denver Eye Surgeons, and the 2020 Vision Center, but no replies have been received by publication.