2021 Data Breaches Reported by U.S. Vision Subsidiary and Florida Addiction Treatment Center

USV Optical, a branch of U.S. Vision, has lately reported the exposure of patient records at a number of entities inside its network. It detected suspicious activity inside its system on May 12, 2021. Forensic investigation affirmed that unauthorized persons got access to its system for one month from April 20, 2021 to May 17, 2021. At that time, the attackers might have seen or stolen sensitive patient information.

USV Optical reported the breach to U.S. Vision immediately after it was discovered; nevertheless, at the moment it was not clear which entities and individuals were impacted. Nationwide Optical Group obtained or became associated with a number of U.S. Vision entities in September 2019, which includes SightCare and Nationwide Optometry. USV Optical began offering administrative assistance to those entities during that time. Nationwide Optical Group was notified concerning the breach and asked U.S. Vision to look further into the incident to learn more details and check the dark web to figure out whether any sensitive information was introduced. No more data was later provided concerning any dark web discoveries.

On September 22, 2022, Nationwide Optical Group reported that the analysis of the files located on the breached portions of the system was finished, and it confirmed the potential theft of these types of data: complete names, birth dates, addresses, taxpayer ID numbers, Social Security numbers,
driver’s license numbers, financial account details, medical and/or treatment details, prescription drugs, medical insurance data, and billing and claims details. The type of data compromised was not the same for all patients.

The data given was authenticated and accurate contact details were acquired, enabling the sending of notification letters to individuals. That part was done on October 17, 2022. Impacted persons have finally received notification letters and got offers of free credit monitoring and identity theft protection services.

Email Accounts Breach at Phoenix House Florida

Phoenix House Florida, a not-for-profit provider of residential addiction treatment facilities, has just reported the exposure of the protected health information (PHI) of 6,594 individuals. It is probable that the unauthorized individuals possibly obtained access to a number of employee email accounts.

The email accounts included the PHI of patients from Phoenix Programs of Florida, such as names, Social Security numbers, birthdays, credit/debit card numbers, CVV codes, and expiry dates, client digitized or electronic signatures, healthcare data like affliction, treatment, or diagnosis, and medical insurance data.

Phoenix House Florida didn’t say when the security breach was discovered however it mentioned that the email accounts breach happened from July 13, 2021, to November 1, 2021. The forensic investigation affirmed on September 2, 2022 the exposure of PHI, It sent notification letters to affected persons on October 19, 2022. There was no evidence uncovered that suggests the viewing or theft of information in the email accounts. Free identity theft protection services were provided to those who had their driver’s license numbers and Social Security numbers compromised.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.