DataHEALTH, Inc.

On November 3, 2021, Compton Eye Care Optometry experienced a ransomware attack targeting its third-party vendor, DataHEALTH, Inc., which manages patient records. The breach resulted in the compromise of personal information, though the exact nature of the exposed data (e.g., medical records, financial details, or identifiers like Social Security numbers) and the number of affected individuals were not disclosed by the California Office of the Attorney General. The incident was publicly reported on February 28, 2022, highlighting a delay in notification. Given the involvement of ransomware and the potential exposure of sensitive patient data likely including protected health information (PHI) the attack poses significant risks to individual privacy, regulatory compliance (e.g., HIPAA violations), and operational trust. The lack of transparency about the scope of the breach further exacerbates concerns over the extent of the damage and the effectiveness of mitigation measures.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-551300

TPRM report: https://www.rankiteo.com/company/data-health-associates

"id": "dat930082125",
"linkid": "data-health-associates",
"type": "Ransomware",
"date": "11/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'healthcare',
                        'location': 'California, USA',
                        'name': 'Compton Eye Care Optometry',
                        'type': 'healthcare provider'},
                       {'industry': 'healthcare IT/data management',
                        'name': 'DataHEALTH, Inc.',
                        'type': 'third-party vendor'}],
 'data_breach': {'data_encryption': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': 'personal information'},
 'date_detected': '2021-11-03',
 'date_publicly_disclosed': '2022-02-28',
 'description': 'On February 28, 2022, the California Office of the Attorney '
                'General reported a data breach involving Compton Eye Care '
                'Optometry, which occurred on November 3, 2021. This breach '
                'was a ransomware attack that compromised personal information '
                'stored by DataHEALTH, Inc. The specific number of individuals '
                'affected and details of the compromised data remain unknown.',
 'impact': {'data_compromised': True, 'identity_theft_risk': True},
 'ransomware': {'data_encryption': True},
 'references': [{'date_accessed': '2022-02-28',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['California data breach '
                                                    'notification laws'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'law_enforcement_notified': True},
 'title': 'Ransomware Attack on Compton Eye Care Optometry via DataHEALTH, '
          'Inc.',
 'type': 'ransomware'}

DataHEALTH, Inc.

Asahi, City of Sugar Land and Government of Palau: Researchers warn of Qilin ransomware gang after group hit hundreds of orgs this year

Rumpke: Rumpke settles lawsuit over employee data stolen in cyberattack

deVixor: New Android Banking Malware ‘DeVixor’ Adds Ransomware Capabilities