At Harvard Eye Associates, we value our patients and their privacy. The purpose of this notice is to inform our patients about an incident that involved some patients’ personal information.
We contract with a vendor for online data storage. On January 15, 2021, the vendor notified us that hackers had accessed the vendor’s computer system and taken some of our data. The vendor informed us that the hackers had demanded money to return the data they had taken. After consulting with cybersecurity experts and the FBI, the vendor made the payment. The hackers then returned the data and told the vendor that they had not disclosed the data or kept any copies. The vendor determined, through its investigation, that the hackers might have been able to access Harvard Eye’s data as early as October 24, 2020. The vendor’s cybersecurity experts have been monitoring the internet and have not found any evidence that the hackers used or disclosed any of the data.
What Information Was Involved
The information taken by the hackers included some of Harvard Eye’s own patient information. It also included information about patients of Alicia Surgery Center, which we were using in order to perform administrative services for the Surgery Center.
The data taken by the hackers included patients’ names, addresses, phone numbers, email addresses, dates of birth, medical history, health insurance information, medications, and information about treatment from Harvard Eye. For some patients who have had eye surgery at Alicia Surgery Center, the data might also include medical information related to their surgeries. The hackers did not have access to patients’ social security numbers, driver’s license numbers, other government ID numbers, or credit or debit card information.
The data accessed by the hackers also included certain personal information about current and former employees of Harvard Eye and, in some cases, their family members and beneficiaries.
What We Are Doing
We are offering free credit monitoring and ID theft protection services to every individual whose information was affected by this incident.
When the vendor learned of this incident, it notified the FBI, hired cybersecurity experts, investigated, blocked further access by the hackers, and strengthened its security measures to help prevent future incidents. At Harvard Eye, we have taken steps to review and analyze the incident, and we will continue our ongoing efforts to maintain and enhance the security of our patients’ data.
We take our responsibility to protect patient’s personal and medical information very seriously. Please be assured that Harvard Eye Associates is committed to preventing any similar incident from occurring in the future.
To find out how to enroll in the free credit monitoring and ID theft protection services, or if you have any other questions or concerns, please call (888) 611-0026.