Cyber Incident Victim: Southeast Eye Institute

Date: Jan 2015

Location: United States of America

Summary

A Florida-based eye care provider experienced a data breach when an unauthorized individual accessed patient information through its third-party medical software vendor. The incident compromised personal and sensitive data, including names, addresses, Social Security numbers, dates of birth, telephone numbers, and insurance details for over 87,000 individuals. The vendor enhanced its cybersecurity measures post-breach, such as reinforcing firewall and network configurations, while the provider discontinued using the affected software. Affected patients were offered complimentary identity protection and credit monitoring services for one year.

Description

In January 2015, an unauthorized individual breached the systems of Bizmatics, a medical practice software provider serving the Southeast Eye Institute, P.A. (operating as Eye Associates of Pinellas in Florida). The breach compromised patient data managed by Bizmatics on behalf of the Southeast Eye Institute, though the specific intrusion methods were not detailed in available reports. The Southeast Eye Institute was notified of the potential compromise on March 30, 2016—over a year after the breach occurred—indicating delayed detection and disclosure. Investigators confirmed the exposure of personal information belonging to 87,314 patients, including names, addresses, telephone numbers, Social Security numbers, dates of birth, and insurance details. Bizmatics could not determine whether the attacker accessed or successfully collated specific data files, leaving uncertainty about the exact scope of exfiltration. The Southeast Eye Institute acknowledged that "at least some" of its patients were impacted but relied on Bizmatics' inability to provide definitive confirmation about which records were targeted.

Following the breach notification, Bizmatics engaged a cybersecurity firm to implement defensive enhancements, including firewall hardening and network configuration improvements. The Southeast Eye Institute terminated its use of Bizmatics' practice management software and coordinated breach notifications to affected patients. Impacted individuals received offers for one year of complimentary identity protection and credit monitoring services. The institute issued a public apology through its notification, stating, "We sincerely apologize for any inconvenience and concern," while emphasizing its reliance on third-party vendors for data security. The incident underscored risks associated with third-party data handling in healthcare, particularly the challenges of timely breach detection and vendor accountability when sensitive patient information is stored externally.
