Medical Management Resource Group, trading as American Vision Partners, reported a significant breach affecting almost 2.4 million patients across its network of ophthalmology practices. The breach, detected on November 14, involved unauthorized access to a network server. While the company swiftly contained the breach, it was later revealed that personal information, including names, contact details, birthdates, medical records, and even Social Security numbers, might have been compromised. The affected firm, based in Tempe, Arizona, has taken steps to secure its systems and notified law enforcement, offering affected individuals two years of identity and credit monitoring.
This breach highlights the increasing vulnerability of healthcare organizations to cyber threats, especially through third-party vendors. In 2023, such vendors accounted for nearly 40% of major health data breaches, affecting over 90 million individuals. As Dustin Hutchison, CISO at Pondurance, suggests, healthcare entities must engage with vendors to understand and improve their cybersecurity measures continuously. The breach underscores the need for robust vendor vetting processes and the importance of establishing a baseline for security controls across all clients.