Dr. DeLuca and Dr. Marciano Eye Associates

Dr. DeLuca and Dr. Marciano Eye Associates is an eye care practice operating in the United States. The organization provides ophthalmological or optometric services to patients, functioning as a medical practice specializing in vision health. Its operational base is located within the United States, serving a local patient population from its headquarters. The practice is identified by the professional names of its associated physicians, indicating a structure likely centered on the services of Dr. DeLuca and Dr. Marciano. As a healthcare provider, it handles sensitive patient health information in the course of routine care and administrative operations. The nature of its work places it under the regulatory purview of health information privacy and security laws, such as HIPAA. Its primary market is individuals seeking eye examinations, treatments, or procedures within its geographic service area. The practice represents a common model of a small to medium-sized specialty medical clinic.

The organization experienced a significant security incident on January 25, 2019, when it was targeted by a ransomware attack. This cyberattack resulted in the compromise of the personal and medical data belonging to nearly 24,000 patients. The practice responded by activating its incident response protocols, which included restoring its systems and data from clean backups, thereby avoiding the payment of a ransom to the attackers. The financial and operational costs associated with the breach response, particularly the mandated notifications to affected individuals, were covered by the organization's cyberinsurance policy. Following standard procedures for healthcare data breaches, the incident was formally reported to relevant federal health authorities. This event underscores the persistent threat of ransomware to healthcare entities and the importance of maintained data backups and appropriate insurance coverage in mitigating damage. The breach notification was publicly documented, providing a clear record of the incident's scope and the practice's adherence to post-breach notification requirements. The incident serves as a notable case study in ransomware response within the outpatient medical practice sector.