Moorfields Eye Hospital

Moorfields Eye Hospital is an international healthcare provider specializing in ophthalmology, with its headquarters located in the United Arab Emirates and a operational facility in Dubai. The organization delivers comprehensive eye care services, managing sensitive patient information that includes identification details and medical records. Its presence in Dubai positions it within a key global market for medical tourism and specialized healthcare. The hospital's core function revolves around the diagnosis, treatment, and management of eye conditions, serving a diverse patient population. Operational scale and specific market reach details are not provided in the available information. The organization's primary distinguishing attribute is its clinical specialization in eye care, a focused sector within the broader healthcare industry. Its handling of patient data subjects it to relevant health information privacy regulations. The confirmed incident response demonstrates an established protocol for notifying individuals following a security breach involving personal information.

In August 2021, the hospital's Dubai servers were the target of a cyberattack claimed by the AvosLocker ransomware group. The attackers alleged the exfiltration of over 60 GB of data and issued ransom demands to prevent public leaks. The hospital subsequently confirmed a security incident involving unauthorized access to some patient identification information. It explicitly stated that patient health records were not compromised. The organization engaged cybersecurity specialists to investigate the breach and bolster its network defenses. Affected individuals were notified about the exposure of their personal data. The threat actors published samples of the breached information, which included spreadsheets containing patient names, phone numbers, past appointment details, and billing records. The hospital's public communication focused on the containment of the incident and the protection of clinical data, while acknowledging the exposure of certain identification records. This event highlights the persistent targeting of healthcare institutions for sensitive personal data. The hospital's response followed a standard pattern of investigation, specialist engagement, and patient notification. No further details regarding long-term impacts or specific regulatory penalties are available from the provided source material.