Cyber Incident Victim: Five Points Eye Care

On October 27, 2020, Five Points Eye Care in Athens, Georgia, discovered unauthorized access to its computer network occurring the same day. The breach was confined to correspondence sent to the practice from other treating physicians, which potentially contained patient names, dates of birth, Social Security numbers, addresses, medications, and treatment plans. The facility confirmed the compromised data did not include other sensitive or confidential information beyond these categories. Five Points Eye Care immediately reported the incident to law enforcement and initiated an internal investigation. The organization emphasized patient confidentiality as a core priority and stated no evidence indicated misuse of the exposed personal information at the time of disclosure.

Following the breach, Five Points Eye Care engaged an IT professional to conduct a comprehensive computer investigation, confirming no additional information beyond the physician correspondence was accessed. The practice implemented enhanced security measures with the IT professional’s assistance to prevent future unauthorized network access. Affected patients received direct notifications about the incident and were offered one year of complimentary credit monitoring services. The response focused on securing systems, verifying the breach’s limited scope, and providing remediation to impacted individuals without delaying public disclosure. Law enforcement involvement remained active as part of the incident management process.