Cyber Incident Victim: Redwood Eye Center

Date: Sep 2018

Location: United States of America

Summary

A ransomware attack compromised a third-party vendor hosting medical records for Redwood Eye Center, encrypting approximately 16,000 patient records containing names, addresses, dates of birth, health insurance details, and treatment information. The organization engaged forensic specialists and a medical software vendor to investigate the incident and restore access, noting no evidence of data exfiltration due to the nature of the attack. The center notified affected California residents and authorities while initiating a transition to a new hosting provider with enhanced security measures.

Description

On September 19, 2018, Redwood Eye Center discovered that IT Lighthouse, a third-party vendor hosting its medical records database, had experienced a ransomware attack. The incident resulted in the encryption of a server containing 16,055 patient records belonging to California residents. The compromised data included patient names, addresses, dates of birth, health insurance information, and medical treatment details. Redwood Eye Center subsequently notified all affected individuals through an official disclosure to the California attorney general's office. The organization characterized the event strictly as a ransomware attack that prevented access to records, emphasizing there was no evidence suggesting unauthorized data exfiltration or theft of patient information. The attack exclusively impacted IT Lighthouse's infrastructure hosting Redwood's database, with no indication of broader system compromise at Redwood's own facilities.

In response, Redwood Eye Center and IT Lighthouse engaged a specialized medical software vendor and a digital forensics firm to investigate the attack's origin and restore access to the encrypted files. The collaborative effort focused on identifying the intrusion vector and securing the compromised systems without paying ransom demands. Redwood publicly stated its conclusion that patient information remained confined to the encrypted environment and wasn't accessed or misused by threat actors. As a preventive measure, Redwood announced plans to terminate its relationship with IT Lighthouse and transition to a different medical records hosting provider. The organization also committed to implementing enhanced security protocols for future patient data management, though specific technical or procedural changes were not disclosed in their public notification.
