Jones Eye Clinic and Surgery Center

Jones Eye Clinic and Surgery Center operates as a healthcare provider in the United States, delivering ophthalmology services and surgical procedures. The organization functions as both an eye clinic and an ambulatory surgery center, serving patients with a range of eye care needs from routine examinations to complex surgical interventions. The scale of its operations is indicated by the patient population affected by a significant security incident, where over 40,000 individuals' protected health information was potentially accessed, suggesting a substantial patient base. The clinic handles highly sensitive data, including names, addresses, birth dates, detailed medical records, visit specifics, and in some cases, Social Security numbers and insurance information, positioning it within the regulated healthcare sector where data privacy and security are paramount. Its service model combines clinical evaluation with surgical intervention in a single facility, a common structure for specialized outpatient care.

The organization's operational history includes a documented ransomware attack on August 23, 2018, which encrypted its network and demanded a ransom payment. The incident resulted in the compromise of billing systems, though forensic analysis confirmed that electronic medical records remained secure. Data restoration was achieved through existing backup systems without yielding to the ransom demand. Following the attack, the clinic engaged forensic investigators and the FBI, and subsequently implemented enhanced security measures to strengthen its defensive posture. Affected individuals were provided with guidance on mitigating potential identity theft risks, reflecting a standard response protocol for such healthcare data breaches. This event underscores the clinic's exposure to cyber threats common in the medical sector and its reliance on backup integrity and post-incident remediation to maintain continuity and comply with breach notification obligations.