Black Hills Regional Eye Institute in Rapid City experienced a cyberattack in early January, where an unauthorized party gained access to sensitive patient files between January 4 and January 8. The breach was identified after a thorough review, which concluded on July 30, with notification letters sent to affected individuals starting August 29. The exposed data may include medical records, insurance details, and, in some cases, Social Security numbers, though the institute states there is no evidence of misuse thus far. As a precautionary measure, the organization is offering credit monitoring services to impacted patients. The incident highlights vulnerabilities in healthcare data security, raising concerns over potential identity theft or financial fraud despite the lack of confirmed exploitation. The breach underscores the critical need for robust cybersecurity measures in healthcare institutions, where sensitive patient information is a prime target for cybercriminals. The delayed detection and notification period further emphasize the challenges in promptly addressing such incidents.
Source: https://www.kotaradio.com/2025/09/17/1357/
TPRM report: https://www.rankiteo.com/company/black-hills-regional-eye-institute-llp
"id": "bla0592905091725",
"linkid": "black-hills-regional-eye-institute-llp",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Rapid City, South Dakota, USA',
'name': 'Black Hills Regional Eye Institute',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Notification letters sent to affected individuals; '
'credit monitoring offered',
'data_breach': {'data_exfiltration': 'Yes (files accessed by unauthorized '
'party)',
'personally_identifiable_information': 'Yes (Social Security '
'numbers in some '
'cases)',
'sensitivity_of_data': 'High (includes PII and PHI)',
'type_of_data_compromised': ['medical details',
'insurance details',
'Social Security numbers']},
'date_detected': '2024-01-04',
'date_publicly_disclosed': '2024-08-29',
'description': 'Black Hills Regional Eye Institute in Rapid City reported a '
'cyberattack in January where an unauthorized party accessed '
'files containing patient data, including medical and '
'insurance details, and in some cases, Social Security '
'numbers. The institute stated there is no evidence of misuse '
'and is offering credit monitoring to affected individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive patient data',
'data_compromised': ['medical details',
'insurance details',
'Social Security numbers (in some cases)'],
'identity_theft_risk': 'High (due to exposure of Social Security '
'numbers)'},
'investigation_status': 'Completed (review finished July 30, 2024)',
'references': [{'date_accessed': '2024-08-29',
'source': 'Black Hills Regional Eye Institute Website '
'Notice'}],
'regulatory_compliance': {'regulations_violated': ['Potentially HIPAA (Health '
'Insurance Portability and '
'Accountability Act)']},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals beginning August 29, '
'2024; details posted on the '
'institute’s website',
'incident_response_plan_activated': 'Yes (review completed by '
'July 30, 2024)'},
'title': 'Black Hills Regional Eye Institute Cyberattack Exposes Patient Data',
'type': 'Data Breach'}