Cyber Incident Victim: Millennium Eye Care

Millennium Eye Care, a Freehold, New Jersey-based ophthalmology services provider, experienced a cybersecurity incident involving unauthorized access to its computer network by hackers who deployed ransomware. The attack was discovered on November 14, 2021, when the organization confirmed that attackers had exfiltrated a substantial volume of data prior to encrypting files in an extortion attempt. While the exact date of initial network compromise remains unspecified in breach notifications, the exfiltration preceded the ransomware deployment. Stolen data included protected health information such as patient names and Social Security numbers, though the full scope of compromised records was not quantified in available disclosures. Millennium Eye Care did not publicly confirm whether ransom demands were paid or specify the ransomware variant involved in the attack.

In response to the breach, Millennium Eye Care implemented enhanced network security measures to mitigate future risks and conducted supplemental cybersecurity training for staff to improve threat recognition capabilities. The organization mailed individual notifications to affected patients by December 22, 2021, detailing protective measures against identity theft and fraud. Remediation efforts included complimentary identity theft protection services and a $1,000,000 identity theft reimbursement policy for impacted individuals. Regulatory authorities were notified of the breach, though the incident had not been published on the HHS Office for Civil Rights breach portal as of the last available reporting, leaving the total number of affected patients undisclosed in public records. No operational disruptions or system downtime were explicitly cited in the organization's public statements regarding the incident's aftermath.