Cyber Incident Victim: Community Eye Clinic
Date: Sep 2021
Location: United States of America
Summary
An unauthorized foreign individual breached the network of an affiliated eye clinic managed by the University of Houston College of Optometry, accessing its database and exfiltrating patient data. The intrusion was detected the following morning, prompting immediate system security measures, enhanced monitoring, and a review of IT protocols. Compromised information included names, dates of birth, contact details, government-issued identifiers (such as Social Security and driver’s license numbers), passport numbers, health insurance data, and medical treatment records spanning over eight years. Approximately 18,500 affected individuals were notified; no financial information or university systems were impacted.
Description
On September 13, 2021, at 9 a.m., security staff at the University of Houston College of Optometry detected unauthorized access to the network of its affiliated Community Eye Clinic in Fort Worth, Texas. The intrusion had occurred the previous day and involved an external attacker, operating from outside the United States, who exfiltrated the clinic's patient database. IT personnel secured the compromised systems immediately upon discovery. Forensic analysis confirmed the breach impacted records of patients treated between May 22, 2013, and September 13, 2021. The stolen database contained extensive personal and medical information, including full names, dates of birth, contact details, government-issued identification numbers (Social Security numbers, driver's licenses, passports), health insurance details, and clinical diagnosis and treatment records. No financial data or university network systems beyond the clinic's database were affected during the incident.

The University of Houston College of Optometry implemented additional defensive measures to strengthen system security following containment, including enhanced monitoring protocols and alert systems. A comprehensive review of IT procedures was conducted to align operations with industry standards. Notifications were issued to all 18,500 affected individuals advising vigilance regarding account activity, credit reports, and insurance explanation of benefits statements. The clinic recommended patients consider fraud alerts on credit files but confirmed no evidence of data misuse had been identified at the time of disclosure. Remediation efforts focused exclusively on the Community Eye Clinic's infrastructure, with no subsequent breaches reported in university systems directly managed by the College of Optometry.
