Reeve-Woods Eye Center

On November 14, 2014, the Reeve-Woods Eye Center experienced a data breach after discovering malware on its systems. The incident potentially compromised patients' protected health information (PHI), including names, Social Security numbers, and medical history. While the malware was detected, investigations found no evidence that unauthorized third parties had accessed or exfiltrated the data. The breach raised concerns about the security of sensitive patient records, though no immediate financial, reputational, or operational harm was confirmed. The incident highlighted vulnerabilities in the center’s cybersecurity defenses, particularly in safeguarding personally identifiable information (PII) and health records, which are high-value targets for cybercriminals. Authorities were notified as part of compliance protocols, but the lack of confirmed data theft limited the immediate fallout. However, the exposure of such sensitive data posed inherent risks, including potential identity theft or fraud if the information had been accessed without detection.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-47505

TPRM report: https://www.rankiteo.com/company/david-woods-md

"id": "dav350090725",
"linkid": "david-woods-md",
"type": "Breach",
"date": "9/2014",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'California, USA',
                        'name': 'Reeve-Woods Eye Center',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Malware',
 'data_breach': {'data_exfiltration': 'Unconfirmed (malware detected but no '
                                      'evidence of access)',
                 'personally_identifiable_information': ['names',
                                                         'social security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High (PHI including SSNs and medical '
                                        'history)',
                 'type_of_data_compromised': ['Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2014-11-14',
 'date_publicly_disclosed': '2014-11-14',
 'description': 'The California Office of the Attorney General reported a data '
                'breach at Reeve-Woods Eye Center involving malware that may '
                "have compromised patients' protected health information "
                '(PHI), including names, social security numbers, and medical '
                'history. As of the reporting date, no evidence was found to '
                'confirm that patient information was accessed by third '
                'parties.',
 'impact': {'data_compromised': ['names',
                                 'social security numbers',
                                 'medical history'],
            'identity_theft_risk': 'Potential (no confirmed access)'},
 'investigation_status': 'Ongoing (no confirmed evidence of data access as of '
                         'reporting date)',
 'references': [{'date_accessed': '2014-11-14',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
                                                    '(unconfirmed)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Data Breach at Reeve-Woods Eye Center',
 'type': 'Data Breach (Malware)'}