Cyber Incident Victim: Retina & Vitreous of Texas

Retina & Vitreous of Texas, PLLC detected unusual activity within its network on February 1, 2023, prompting an immediate investigation into the incident. The organization confirmed unauthorized access to its systems and took steps to secure the environment upon discovery. By February 15, 2023, the investigation revealed that personal and protected health information may have been acquired without authorization during the breach. Retina & Vitreous initiated a comprehensive review to identify affected individuals and determine the scope of compromised data, which concluded on March 21, 2023. The review established that current and former patients' information exposed in the incident included names, addresses, medical diagnoses, treatment details, insurance carrier information, and insurance subscriber identification numbers. No employee data was explicitly mentioned as compromised in the notification. The organization did not disclose technical details about the attack vector, duration of unauthorized access, or whether ransomware or data exfiltration occurred.

Retina & Vitreous formally notified potentially impacted individuals about the breach on April 10, 2023, approximately ten weeks after initial detection. The notification established a dedicated call center (1-888-566-0069) operating during Central Time business hours to address inquiries. The organization acknowledged the incident affected both personal and protected health information but did not specify the total number of impacted individuals or particular systems involved. No evidence of identity theft or fraud stemming from the breach was cited in the notification. Retina & Vitreous described privacy and data protection as top priorities while expressing regret for any inconvenience caused to affected parties. The public disclosure did not reference law enforcement involvement, regulatory filings, or specific security enhancements implemented post-incident beyond securing the environment.