Cyber Incident Victim: InSpecs EyeWear

Date: Sep 2022

Location: United States of America

Summary

InSpecs EyeWear suffered a ransomware attack by the LockBit 3.0 group, which listed the company on its dedicated leak site and provided a proof pack containing images of patient records and directory structures. The attackers demanded a $40,000 ransom for data destruction, though the recency of the compromised files remained unclear. As a HIPAA-covered entity accepting health insurance, the incident exposed sensitive patient information, though specific data types or volumes were not detailed in the initial leak. The breach highlighted potential risks to protected health data held by the eyewear provider.

Description

InSpecs EyeWear, a Hawaii-based HIPAA-covered eyewear provider accepting health insurance, was listed on the LockBit 3.0 ransomware group's dedicated leak site on or around September 14, 2022. The ransomware operators claimed to have compromised the organization's systems and exfiltrated sensitive data, offering a proof pack containing images of patient records and a directory structure from the company's drives. The attackers set a purchase or destruction price of $40,000 for the stolen data, threatening to publicly release the information if their demands were not met. While the proof pack demonstrated access to protected health information, the available evidence did not clarify whether the files were recent or historical. No specific details were provided regarding the initial intrusion vector, duration of unauthorized access, or total number of affected individuals.

The incident exposed protected health information typically handled by healthcare providers, though the exact data elements and scope remained unverified in public reporting. As a HIPAA-covered entity, InSpecs EyeWear faced potential regulatory obligations to investigate and report the breach to federal authorities and affected patients. The presence of patient records in the proof pack suggested possible compromise of identifiers such as names, contact information, insurance details, and clinical data, though no specific confirmation of exfiltrated fields was available. LockBit 3.0's leak site posting represented the final stage of their ransomware operational model following failed extortion negotiations. No information was disclosed regarding InSpecs EyeWear's detection methods, containment actions, or whether the organization engaged with the threat actors. The company's status as a healthcare-adjacent business handling insurance claims made it a strategic target for ransomware groups seeking leverage through sensitive patient data exposure.
