Panorama Eyecare, a physician-led management services organization in Fort Collins, CO, has disclosed a significant data breach affecting 377,911 individuals, a year after the ransomware attack was first detected. In July 2023, the LockBit ransomware group infiltrated Panorama Eyecare’s network, claiming to have exfiltrated a staggering 798 gigabytes of sensitive data, including information from its clients, such as the Eye Center of Northern Colorado, Denver Eye Surgeons, Cheyenne Eye Clinic & Surgery Center, and 2020 Vision Center.
The breach notification issued by Panorama Eyecare to the Maine Attorney General reveals that the intrusion was identified on June 3, 2023. Forensic investigations confirmed unauthorized access to the network between May 22, 2023, and June 4, 2023. The attacker potentially gained access to and removed various files from the network environment, exposing sensitive details like names, Social Security numbers, dates of birth, driver’s license numbers/state IDs, financial account information, dates of service, and medical provider names.
Panorama Eyecare has taken proactive measures to address the breach, engaging external cybersecurity experts to secure its systems and conduct thorough investigations. While the organization asserts that all systems and networks are now secure, it acknowledges the need for continuous evaluation and modification of cybersecurity practices to enhance the security and privacy of patient information. Additionally, the breach notice indicates that credit monitoring and identity theft protection services are being offered free of charge for 12 months to affected individuals, particularly those residing in Maine.
