Andover Eye Associates: CareOregon and Health Share of Oregon Warn of Potential Insurance Fraud After Data Breach

Oregon Health Plans and Massachusetts Eye Clinic Report Separate Data Breaches Linked to Potential Fraud

Two healthcare organizations, CareOregon and Health Share of Oregon, along with Andover Eye Associates in Massachusetts, have disclosed data breaches involving unauthorized access to patient information, with potential ties to insurance fraud.

CareOregon and Health Share of Oregon

On October 27, 2025, the Oregon-based health plans discovered unauthorized access to protected health information (PHI) of an undisclosed number of patients. The breach exposed names, dates of birth, health plan details, Medicaid/Medicare numbers, and primary care provider information, though Social Security numbers and financial data were not accessed.

While the notice did not specify whether the breach was internal or external, the organizations warned of possible fraudulent insurance claims using the compromised data. Affected individuals were advised to review any unexpected billing notices, as legitimate claims would not result in out-of-pocket charges. Law enforcement was notified, and security measures, including staff retraining and access restrictions, were implemented to prevent further incidents. No breach report has yet been filed with the HHS Office for Civil Rights.

Andover Eye Associates

Separately, Andover Eye Associates detected suspicious activity in two employee email accounts on June 10, 2025, later confirming that an unauthorized third party accessed them on May 28, 2025. The breach affected 1,638 patients, exposing names and Social Security numbers.

Following an investigation, the clinic mailed notifications on November 4, 2025, offering 12 months of complimentary credit monitoring to impacted individuals. Additional security measures, including enhanced email safeguards and staff training, were put in place to mitigate future risks.

Both incidents highlight ongoing vulnerabilities in healthcare data security, with potential consequences for patient privacy and fraud exposure.

Source: https://www.hipaajournal.com/careoregon-health-share-oregon-data-breach/

Andover Eye Associates & GloMD cybersecurity rating report: https://www.rankiteo.com/company/andover-eye-associates-&-glomd

"id": "AND1768217112",
"linkid": "andover-eye-associates-&-glomd",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Oregon, USA',
                        'name': 'CareOregon and Health Share of Oregon',
                        'type': 'Healthcare Provider/Insurer'},
                       {'customers_affected': '1638',
                        'industry': 'Healthcare',
                        'location': 'Andover, Massachusetts, USA',
                        'name': 'Andover Eye Associates',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized Access (Insider or External Actor)',
 'customer_advisories': 'Notification letters sent to affected individuals '
                        'with guidance on verifying insurance claims and '
                        'reporting discrepancies.',
 'data_breach': {'number_of_records_exposed': '1638 (Andover Eye Associates); '
                                              'Unknown (CareOregon/Health '
                                              'Share of Oregon)',
                 'personally_identifiable_information': ['Names',
                                                         'Dates of Birth',
                                                         'Social Security '
                                                         'Numbers (Andover Eye '
                                                         'Associates)',
                                                         'Medicaid/Medicare '
                                                         'Numbers',
                                                         'Health Plan '
                                                         'Information'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected Health Information '
                                              '(PHI)',
                                              'Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2025-10-27',
 'description': 'CareOregon and Health Share of Oregon notified patients about '
                'unauthorized access to protected health information, '
                'potentially leading to insurance fraud. Andover Eye '
                'Associates experienced an email security incident exposing '
                'patient data.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'operational_impact': 'Retraining staff, changing data access '
                                  'protocols',
            'systems_affected': ['Email Environment (Andover Eye Associates)']},
 'investigation_status': 'Completed',
 'lessons_learned': 'Improved data access controls, staff training, and email '
                    'security measures are critical to preventing unauthorized '
                    'access and potential fraud.',
 'motivation': ['Fraud', 'Data Misuse'],
 'post_incident_analysis': {'corrective_actions': 'Staff retraining, revised '
                                                  'data access protocols, '
                                                  'additional email security '
                                                  'safeguards',
                            'root_causes': 'Unauthorized access to email '
                                           'accounts (Andover Eye Associates); '
                                           'unclear whether insider or '
                                           'external actor (CareOregon/Health '
                                           'Share of Oregon)'},
 'recommendations': ['Enhance email security protocols',
                     'Implement multi-factor authentication for email access',
                     'Regularly audit data access logs',
                     'Provide ongoing cybersecurity training for staff',
                     'Offer credit monitoring services to affected '
                     'individuals'],
 'references': [{'source': 'HIPAA Journal'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA']},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'individuals',
              'containment_measures': 'Issue fixed, data access protocols '
                                      'changed',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': 'Staff retraining, additional email '
                                      'safeguards (Andover Eye Associates)'},
 'title': 'CareOregon and Health Share of Oregon Warn of Potential Insurance '
          'Fraud After Data Breach; Andover Eye Associates Email Breach',
 'type': ['Data Breach', 'Insurance Fraud']}