Cyber Incident Victim: Auburn Eye Care Associates

On September 26, 2017, the hacking group TheDarkOverlord publicly disclosed a breach of Auburn Eye Care Associates (AECA), an ophthalmology practice based in Auburn, California. The group claimed via Twitter to have stolen "many thousands of patient records" from the practice's electronic health record (EHR) system. Evidence indicates the intrusion occurred months prior to the public announcement, as TheDarkOverlord had privately communicated details of the breach to DataBreaches.net in June 2017. During these earlier communications, the threat actors provided samples of stolen patient data to substantiate their claims. The compromised information included sensitive patient records, though the exact number of affected individuals and specific data elements were not quantified in available disclosures.

Auburn Eye Care Associates did not publicly acknowledge the breach or respond to inquiries from DataBreaches.net following the June notification. This lack of engagement prompted DataBreaches.net to file a formal complaint requesting an investigation with the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) on September 26, 2017. The incident exposed patients to potential privacy violations and identity theft risks due to the theft of medical records. Regulatory scrutiny emerged as a consequence, with OCR possessing jurisdiction to investigate potential violations of the Health Insurance Portability and Accountability Act (HIPAA). TheDarkOverlord's history of extorting healthcare organizations and auctioning stolen data raised concerns about the disposition of AECA patient information, though no explicit ransom demands or data monetization efforts were documented in this specific case.