Cyber Incident Victim: Eye Care Associates Inc.
Date: Aug 2019
Location: United States of America
Summary
Eye Care Associates Inc., an Ohio-based regional eye care provider, experienced a ransomware attack that locked its computer systems, causing operational disruptions for several weeks. Although the organization confirmed no patient data was stolen and utilized backups to restore data integrity, the incident significantly impaired its ability to schedule appointments. Systems were expected to be fully restored shortly after the disclosure. The attack highlighted risks beyond data theft, including prolonged service interruptions affecting patient care access.
Description
On or around August 1, 2019, Eye Care Associates Inc., a regional ophthalmology and optometry provider serving northeastern Ohio’s three-county area, experienced a ransomware attack that encrypted its computer systems. The attack rendered the systems inaccessible, disrupting normal operations for approximately two weeks. Mary Jo Sierra, the organization’s Director of Operators, confirmed the incident on August 13, 2019, stating that systems remained locked at that time but that full restoration was anticipated within “the next day or two.” The attack prevented the practice from booking patient appointments during the outage period, significantly impacting scheduling capabilities. Sierra emphasized that no patient data or sensitive information was stolen in the attack. The organization did not disclose the specific ransomware variant involved or the initial attack vector.

Eye Care Associates utilized backup systems to restore operations, avoiding permanent data loss or corruption. The recovery process required extensive efforts to rebuild systems, though the practice did not specify whether it paid a ransom or relied solely on backups. While Sierra asserted no data exfiltration occurred, the prolonged system unavailability impaired clinical and administrative workflows for weeks. The incident highlighted operational vulnerabilities, as appointment management disruptions persisted despite the absence of confirmed data compromise. No patient notifications or credit monitoring services were reported, as the organization maintained that no protected health information was accessed or acquired by threat actors. Restoration efforts focused on returning to full operational capacity without disclosing additional technical safeguards implemented post-incident.
