Cyber Incident Victim: Wolfe Eye Clinic
Date: Feb 2021
Location: United States of America
Summary
Wolfe Eye Clinic experienced a cybersecurity incident involving the Lorenz threat actor group, which claimed responsibility by listing the organization on its dedicated leak site, offering encrypted data downloads for purchase, and attempting to sell access to the clinic's internal network. The clinic engaged forensic experts to investigate and also referenced an earlier, unrelated phishing attempt; its systems remained operational and patient care was uninterrupted throughout. Potential data exposure reportedly affected up to 500,000 individuals, though official notifications and regulatory disclosures were pending at the time of reporting.
Description
The Wolfe Eye Clinic in Iowa experienced a cybersecurity incident involving the Lorenz threat actor group, with the attack occurring on or around February 8, 2021. Lorenz publicly listed the clinic on its dedicated leak site on April 1, 2021, marking the first external indication of the breach. The threat actors offered encrypted archives of stolen data for sale, requiring buyers to purchase decryption keys, and also advertised access to the clinic's internal network for further exploitation. While Lorenz did not publicly share proof of claim documents without a key, partial directory listings visible in a redacted screenshot suggested the presence of operational and potentially sensitive files. The clinic confirmed ongoing forensic investigations into "targeted efforts to access data" and referenced an earlier unrelated phishing attempt, though no specifics about data encryption or network compromise were disclosed. Patient care operations remained uninterrupted across all locations during the investigation.

Wolfe Eye Clinic engaged forensic experts to assess the incident's scope, with the investigation expected to continue for several weeks beyond the initial May 2021 disclosure. The clinic emphasized maintaining system functionality and vigilance against further intrusions but did not confirm whether patient data was accessed or exfiltrated. As of June 22, 2021, an Associated Press update indicated the incident potentially affected up to 500,000 individuals, though no formal notifications had been issued to patients or the U.S. Department of Health and Human Services by that date. The breach remained absent from HHS's public breach portal at the time of reporting, leaving the final determination of impacted data types and regulatory reporting obligations unresolved in publicly available sources.
