Cyber Incident Victim: Cochise Eye and Laser

Date: Jan 2021

Location: United States of America

Summary

A ransomware attack targeted a U.S. medical practice, Cochise Eye and Laser, encrypting patient scheduling and billing systems, with some data deletion rendering systems inaccessible. The compromised information included patient names, dates of birth, addresses, phone numbers, and in certain instances, Social Security numbers, affecting approximately 100,000 individuals. Operations shifted to paper-based methods, requiring rescheduling of follow-up appointments for patients seen after a recent timeframe. While the entity reported no evidence of data exfiltration or ransom demands, and the incident did not appear on known leak sites, uncertainties remain regarding potential undetected data theft. No credit monitoring or identity theft services were provided to impacted patients.

Description

On January 13, 2021, Cochise Eye and Laser, operating as RF Eye, P.C. in Arizona, experienced a ransomware attack that encrypted its patient scheduling and billing software systems. The attack rendered critical operational data inaccessible, with some information deleted entirely. The practice’s notification, posted on its website by February 17, 2021, stated there was no evidence of data exfiltration, emphasizing that the primary impact was the encryption and deletion of records. Systems remained compromised for over a month, forcing the clinic to revert to paper-based operations for patient charts and scheduling as of February 17. The attack disrupted all post-January 1, 2020, patient scheduling data, necessitating manual outreach to reschedule follow-up appointments for affected individuals.

The incident compromised names, dates of birth, addresses, phone numbers, and, in some cases, Social Security numbers stored within the billing software, impacting 100,000 patients according to the entity’s report to the U.S. Department of Health and Human Services. Patients received guidance on self-protection measures but were not offered complimentary credit monitoring or identity theft restoration services. The practice did not disclose whether a ransom demand was made, and no associated data leaks appeared on ransomware group extortion sites. Operational recovery challenges persisted, with the clinic unable to restore digital scheduling functionality weeks after the attack, prolonging reliance on manual processes.
