Another business associate attack results in theft of patient data — Panorama Eyecare

Panorama Eyecare in Colorado is a physician-owned firm providing business associate services to vision care providers:

Services include information technology, human resources, finance, revenue cycle management, credentialing and payor contracting, marketing, and more. Image:

Earlier today, the firm was added to LockBit’s leak site with a claim that 798 GB of data had been exfiltrated from four of the firm’s clients:

Listing on LockBit showed less than 4 days left on a countdown clock for Panorama Eyecare to pay or data would be leaked.
Listing shows that Panorama Eyecare has less than four days to pay an unspecified amount before data are leaked. Image:

LockBit posted a number of screencaps as proof of claims and a number of them revealed patient information. Of the four entities/clients named by LockBit in the post, DataBreaches did not see any screencaps with patient data from either the Cheyenne Eye Clinic or the 2020 Vision Center, but “CEC” was a folder in a drive that LockBit claimed to have accessed. Skynet was also a folder on that drive, but LockBit made no claims about them.

Because some affiliates may lock and exfiltrate while others may skip the encryption and just exfiltrate data, it is not clear what happened in this case yet. None of the entities have posted any notices on their websites or issued any statements addressing the claimed attack as yet.

DataBreaches has sent inquiries to Panorama Eyecare, the Eye Center of Northern Colorado, Denver Eye Surgeons, and the 2020 Vision Center, but no replies have been received by publication.

About the author: Dissent

Comments are closed.