Cyber Incident Victim: Central Vermont Eye Care

Central Vermont Eye Care, an ophthalmology practice based in Rutland, Vermont, experienced a cybersecurity incident involving unauthorized access to protected health information. The hacking incident occurred on an unspecified date but was publicly disclosed through patient notification letters sent on April 6, 2022. While the exact nature and method of the attack remained unclear based on available reports, the breach potentially exposed sensitive data belonging to up to 30,000 patients. No specific details were provided regarding how the intrusion was detected, what systems were compromised, or whether ransomware or data exfiltration occurred. The practice confirmed that unauthorized individuals gained access to protected health information, though the specific data elements at risk were not enumerated beyond this general classification.

The incident represented a significant exposure of patient data given the practice's size and specialty focus. Notification letters served as the primary response measure documented in available sources, fulfilling regulatory obligations to inform affected individuals. No information was disclosed regarding containment actions such as system isolation, credential resets, or network security enhancements. Similarly, the practice did not publicly describe engaging forensic investigators or implementing post-incident employee training. The breach's impact scope—30,000 individuals—placed it among notable healthcare incidents reported in early 2022, though less extensive than contemporaneous breaches at Wellstar Health (30,417 affected) and Resources for Human Development (46,673 affected). No evidence of data misuse was cited, and the incident had not yet appeared on federal breach reports at the time of initial disclosure.