Simon Eye notifies more than 144,000 patients after hacker accessed employee email accounts

Simon Eye Management (“Simon Eye”) recently became aware of suspicious activity related to certain employee email accounts. With the assistance of third-party computer forensic specialists, we took immediate steps to contain the incident and to investigate the nature and scope of the incident. Simon Eye is issuing this notice to provide additional details regarding what is known about the incident, the steps we are taking in response, and steps potentially impacted individuals can take, if deemed appropriate.

What Happened?

On or about June 8, 2021, Simon Eye initially became aware of suspicious activity related to certain employee email accounts. We immediately launched an investigation with the assistance of third-party specialists to determine the nature and scope of the activity. This investigation determined that there was unauthorized access to certain employee email accounts from May 12, 2021 to May 18, 2021. Our investigation revealed that the unauthorized third party attempted to engage in wire transfer and invoice manipulation attacks against the company, none of which were successful. However, because the unauthorized third party was able to access certain employee email accounts during this time period, we reviewed the entire contents of these mailboxes to identify whether any personal information could have been accessed. To be clear, Simon Eye has uncovered no evidence that any employee or patient information was misused. Nevertheless, out of an abundance of caution, Simon Eye is providing this notice to any patients and employees whose information was within the affected mailboxes. Moreover, our internal efforts to identify contact information to directly notify those potentially impacted are ongoing.

What Information Was Involved?
The information that may have been impacted by this incident could have included one or more of the following: an individuals’ name; medical history; treatment or diagnosis information; health information; health insurance information, including policy and/or subscriber information; insurance application and/or claims information; and for a smaller number of individuals it may have included their Social Security number, date of birth, and/or financial account information. Importantly, to date, we have no evidence of any misuse of any data as a result of this incident.

What Are We Doing?
Simon Eye takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery, we immediately reset user passwords, implemented additional data security protocols and commenced an investigation to confirm the nature and scope of the incident. We will continue to evaluate and implement additional safeguards. We are also reporting this incident to relevant state and federal regulators. Further, once we complete the review of the impacted data, we will be notifying potentially impacted individuals so that they may take further steps to help protect their information, should they feel it is appropriate to do so.

What Can Affected Individuals Do?

While we have no evidence of identity theft or fraud occurring as a result of this incident, we encourage potentially impacted individuals to review the below, Steps You Can Take to Help Protect Your Information.

For More Information.
We understand you may have additional questions concerning this incident. Individuals can direct questions to (855) 884-8171 from 9:00 a.m. to 9:00 p.m., Eastern Time, Monday through Friday.

Read more of their notification and advice on their web site.

About the author: Dissent

Comments are closed.