Skip to main content
blue eye of a woman blue eye of a woman blue eye of a woman blue eye of a woman blue eye of a woman blue eye of a woman

Regional Eye Data Breach Investigation

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

Eye Care Leaders, the third-party vendor that Regional Eye used for electronic medical records, experienced a data breach which may involve a vast amount of personal health information.

There is a growing list of ophthalmology practices, and currently 348,000 individuals, affected by a hacking incident at the electronic health records vendor Eye Care Leaders (ECL). More details about the December 2021 attack are emerging.

Several vision care practices around the country have reported data breaches involving the ECL incident. The Department of Health and Human Services’ Office for Civil Rights’ HIPAA Breach Reporting Tool website indicates more data breach reports filed by vision practices, related to the ECL security incident, including:

  • Frank Eye Center in Kansas – 26,333 individuals
  • Ilumin (Arkfeld, Parson & Goldstein) in Nebraska – nearly 15,000 individuals
  • Northern Eye Care Associates in Michigan – 8,000 individuals
  • Ad Astra Eye LLC in Kansas – 3,700 individuals
  • Summit Eye in Tennessee – over 50,000 individuals
  • Regional Eye Associates Inc. & Surgical Eye Center in Morgantown, West Virginia – 194,035 individuals
  • Texas Tech University – 1.2 million
  • Allied Eye Physicians in Ohio – 20,000

Regional Eye became aware of the data breach on March 1, 2022. The company says Eye Care Leaders informed them that the incident involved an individual who gained access to their system on December 4, 2021, and deleted several databases.

regional eye data breach notice