312,000 Patients Impacted by Texas Retina Associates Cyberattack

Texas Retina Associates (“Texas Retina”) encountered a cyberattack that impacted over 312,000 patients. This company is the biggest ophthalmology practice with 15 practices established in Dallas, Texas. The attack involved unauthorized access to its network and possible theft of sensitive patient information. On March 27, 2024, Texas Retina Associates discovered suspicious network activity and engaged third-party cybersecurity experts to look into the incident. They reported that an unauthorized actor acquired access to its system on October 8, 2023, and continued to have access until March 27, 2024 when the breach was discovered.

Texas Retina Associates stated it did not know of any improper use of patient records, but it is sending notifications as a safety precaution since data files that contained patient information were compromised. The file analysis revealed that the compromised information included first name and last name, telephone number, address, email address, date of birth, sex, Social Security number, health record number, clinical data, prescription data, medical data, health history, and medical insurance data. These letters should give victims a listing of their data that was compromised.

The breach report was submitted to the HHS’ Office for Civil Rights indicating that up to 312,867 present and past patients were affected. According to Texas Retina Associates, its systems were secured, extra cybersecurity measures were applied, cybersecurity guidelines and procedures were improved, and further cybersecurity and HIPAA training were given to its employees. The helpline (888-498-3901) is set up for affected individuals to get more information regarding the breach. Support is available from 8 a.m. until 8 p.m. Central Time. Texas Retina Associates posted a substitute breach notice on its website, but it did not mention how the breach happened, nor did it give details of Texas Retina’s response. The notice also did not mention about any free credit monitoring or identity protection services offered to the victims.

On June 26, 2024, Texas Retina also notified the Attorney General of Texas after being sure that the private data entrusted to the organization had been hacked. Texas Retina started sending data breach notification letters to all people whose data was impacted by the recent security incident.

Photo credits: StockUp; AdobeStock

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

John Blacksmith

John Blacksmith is a journalist with several years experience in both print and online publications. John has specialised in Information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism.