Cyber Incident Victim: Jones Eye Clinic and Surgery Center

Date: Aug 2018

Location: United States of America

Summary

A ransomware attack encrypted a clinic's network and the attackers demanded payment, but the data was restored from backups without paying the ransom. Protected health information of over 40,000 patients was potentially accessed, including names, addresses, birth dates, medical records, and visit details; some records included Social Security numbers and insurance data. Forensic investigators and the FBI were engaged, and the investigation confirmed that electronic medical records remained secure while billing systems were compromised. Enhanced security measures were implemented after the incident, and affected individuals received guidance on mitigating identity theft risks.

Description

On August 23, 2018, staff at Jones Eye Clinic and Surgery Center discovered a ransomware attack had encrypted their computer network during morning operations. The attack impacted systems containing protected health information of patients registered or treated at Jones Eye Clinic or its affiliated CJ Elmwood Partners, L.P. surgery center between January 1, 2003, and the discovery date. Attackers demanded payment to decrypt the files, but the clinic engaged multiple technology companies to restore all affected data using existing backups, avoiding ransom payment. Immediate containment measures included deploying upgraded security protections across the network to block further intrusions. The clinic also initiated forensic investigations with professional computer analysts and reported the incident to the FBI.

Forensic analysis determined that while electronic medical records remained uncompromised, attackers potentially accessed and exfiltrated data from the clinic’s billing and scheduling software. This software contained full names, addresses, dates of birth, service dates, medical record numbers, and general descriptions of patient visits or surgeries for over 40,000 individuals. A subset of records included Social Security numbers, insurance status details, and claims information, though no bank account or credit card data was stored in the affected systems. The clinic mailed individualized notification letters to all impacted patients outlining identity theft prevention steps. Restoration of encrypted data from backups was completed promptly after detection, with no operational disruption reported beyond the initial encryption event. The investigation confirmed the attackers’ access was limited to non-clinical administrative systems during the compromise window.
