May Eye Care

May Eye Care is a United States-based healthcare provider specializing in vision-related medical services. Operating under the aliases May Eye Care and MayEye Care, the organization manages electronic medical records containing sensitive patient information as part of its clinical operations. The practice’s infrastructure includes servers and systems supporting patient care documentation, insurance processing, and administrative functions typical of medical facilities handling protected health information. While specific service offerings or specialty areas beyond general eye care aren’t detailed in public disclosures, the nature of the compromised data during its 2018 incident confirms its role in diagnosing and treating patients with varied ocular health conditions.

A July 2018 ransomware attack significantly disrupted May Eye Care’s operations by encrypting servers and medical records systems. The breach potentially exposed names, birthdates, addresses, clinical diagnoses, insurance details, and limited Social Security numbers for approximately 30,000 individuals. Forensic investigations found no evidence of data misuse, but the incident forced multi-day operational interruptions while systems were restored from backups without ransom payment. The organization demonstrated crisis management capabilities by engaging computer forensics experts, coordinating with law enforcement, and executing data recovery protocols independently. Post-incident enhancements to security measures were implemented to mitigate future risks, though technical specifics weren’t publicly disclosed.

Notification letters advised affected patients to monitor financial accounts and consider fraud alerts, reflecting compliance with healthcare breach disclosure requirements. The incident underscored the organization’s vulnerability to targeted cyberattacks despite maintaining backup systems that enabled operational recovery. No subsequent incidents or expansions in service scope have been documented in available sources since the 2018 event. The practice’s response highlights a commitment to regulatory adherence and infrastructure resilience within the constraints of a regional healthcare provider facing evolving cybersecurity threats.