The Washington State Office of the Attorney General disclosed a data breach affecting Eye Care Leaders, a provider of electronic medical record (EMR) services, specifically its myCare Integrity platform. The incident occurred on December 4, 2021, but was reported on April 22, 2022. Unauthorized access exposed the medical and personal information of 19,092 EvergreenHealth patients, including names, dates of birth, and medical records. While no financial data was compromised, the breach raised concerns over patient privacy violations and potential misuse of sensitive health information. The exposure of medical details without financial theft suggests the attack targeted personal identification and health data, likely for secondary exploitation (e.g., identity fraud, phishing, or medical insurance scams). The breach underscores vulnerabilities in third-party EMR systems, which store highly sensitive patient data, and highlights the need for stricter access controls and monitoring in healthcare IT infrastructure.
TPRM report: https://www.rankiteo.com/company/evergreenhealth-foundation
"id": "eve741082025",
"linkid": "evergreenhealth-foundation",
"type": "Breach",
"date": "12/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '19,092 (EvergreenHealth '
'patients)',
'industry': 'Healthcare',
'name': 'Eye Care Leaders',
'type': 'Healthcare IT Provider'},
{'customers_affected': '19,092',
'industry': 'Healthcare',
'location': 'Washington State, USA',
'name': 'EvergreenHealth',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': '19,092',
'personally_identifiable_information': ['names',
'dates of birth'],
'sensitivity_of_data': 'High (medical and personal '
'information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2021-12-04',
'date_publicly_disclosed': '2022-04-22',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving Eye Care Leaders on April 22, 2022. '
'The breach occurred on December 4, 2021, and potentially '
'affected the medical information of 19,092 EvergreenHealth '
'patients due to unauthorized access to the myCare Integrity '
'electronic medical record platform. The specific types of '
'compromised information included names, dates of birth, and '
'medical information; however, no financial information was '
'involved.',
'impact': {'data_compromised': ['names',
'dates of birth',
'medical information'],
'identity_theft_risk': 'Potential (due to PII exposure)',
'payment_information_risk': 'None (no financial information '
'involved)',
'systems_affected': ['myCare Integrity electronic medical record '
'platform']},
'references': [{'date_accessed': '2022-04-22',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)'],
'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Office of the Attorney General'},
'title': 'Eye Care Leaders Data Breach Affecting EvergreenHealth Patients',
'type': 'Data Breach'}