Cyber Incident Victim: EyeSouth Partners

The security incident involving EyeSouth Partners began on September 11, 2018, when an unauthorized individual gained access to a single employee email account. This unauthorized access persisted undetected until October 25, 2018, when EyeSouth discovered the breach and immediately initiated an investigation. The company engaged multiple forensic experts to analyze the compromised account and assess potential data exposure. During this investigation, EyeSouth confirmed the security of its systems and implemented enhanced information security procedures to prevent similar incidents. The forensic analysis revealed that the attacker maintained continuous access to the email account for over six weeks, from the initial intrusion date through October 25.

On December 19, 2018, EyeSouth concluded that protected health information of approximately 24,000 patients across four Georgia-based ophthalmology practices – Georgia Eye Associates, Cobb Eye Center, South Georgia Eye Partners, and Georgia Ophthalmology Associates – was potentially exposed. The compromised data included names, randomly generated patient ID numbers, telephone numbers, email addresses, health insurance carrier details, account balances, payment histories, service summaries, and addresses. A small subset of individuals had their Social Security numbers exposed. EyeSouth began notifying affected patients in early 2019, establishing a dedicated toll-free assistance line for inquiries. The company offered complimentary credit monitoring services exclusively to those individuals whose Social Security numbers were impacted. No evidence suggested actual misuse of the exposed data, but the breach required mandatory HIPAA notifications due to the nature of the compromised information.