Cyber Incident Victim: Simon Eye
Date:
May 2021
Location:
United States of America
Summary
Simon Eye experienced unauthorized access to employee email accounts over a seven-day period, potentially exposing personal and medical information of approximately 144,000 individuals. The compromised data included names, medical histories, treatment details, health insurance information, and for some, Social Security numbers, dates of birth, and financial account data. Attackers attempted unsuccessful wire transfer and invoice manipulation attacks. The optometry provider detected suspicious activity, reset passwords, implemented additional security measures, and initiated an investigation, finding no evidence of data misuse. Affected individuals were advised to monitor financial accounts and consider fraud alerts, with notifications sent following a review of the impacted data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Simon Eye, a US-based optometry provider operating ten clinics in Delaware, experienced a data breach involving unauthorized access to employee email accounts between May 12 and May 18, 2021. The company detected suspicious activity in these internal accounts on or around June 8, 2021, prompting immediate response measures including password resets for affected accounts, implementation of additional data security protocols, and initiation of a formal investigation to determine the incident's scope. Attackers attempted wire transfer fraud and invoice manipulation during the breach period, but these financial schemes were unsuccessful. The forensic review of compromised mailboxes revealed that sensitive patient information was potentially exposed, including full names, medical histories, treatment details, diagnosis information, health insurance policy numbers, subscriber data, and insurance application or claims documentation. For a subset of affected individuals, the exposure extended to Social Security numbers, dates of birth, and financial account information. Simon Eye confirmed the breach impacted 144,373 individuals according to its filing with the U.S. Department of Health and Human Services breach portal.
The company completed its review of potentially compromised data before issuing notifications to affected patients, emphasizing no evidence of data misuse had been identified at the time of disclosure. Simon Eye advised impacted individuals to monitor financial accounts, consider fraud alerts or credit freezes through credit bureaus, and utilize a dedicated helpline for inquiries. The organization reported the incident to relevant state and federal regulators while committing to ongoing evaluation and implementation of additional security safeguards. Internal response efforts focused on containment through credential management and enhanced security controls following the seven-day breach window. No operational disruptions to clinical services were reported, though the incident exposed sensitive health information protected under HIPAA regulations. Simon Eye declined to provide additional comments beyond its public breach notice when contacted by media outlets.