On October 24, 2020, Harvard Eye Associates experienced a data breach reported by the California Office of the Attorney General on February 16, 2021. The incident involved unauthorized access to sensitive patient information, exposing details such as names, addresses, phone numbers, email addresses, dates of birth, medical history, health insurance information, and medications. While no Social Security numbers or financial data were compromised, the breach impacted approximately 900 individuals. The exposed data primarily included personal and medical records, raising concerns about privacy violations and potential misuse of health-related information. The breach did not involve ransomware or financial theft but highlighted vulnerabilities in safeguarding patient confidentiality. The company likely faced reputational damage and regulatory scrutiny due to the exposure of protected health information (PHI), necessitating notifications to affected individuals and possible remediation measures to prevent future incidents.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-538038
TPRM report: https://www.rankiteo.com/company/harvardeye
"id": "har415082125",
"linkid": "harvardeye",
"type": "Breach",
"date": "10/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '900',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Harvard Eye Associates',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Yes (unauthorized access)',
'number_of_records_exposed': '900',
'personally_identifiable_information': 'Yes (names, '
'addresses, phone '
'numbers, email '
'addresses, dates of '
'birth)',
'sensitivity_of_data': 'High (includes medical history and '
'health insurance details)',
'type_of_data_compromised': ['PII (Personally Identifiable '
'Information)',
'PHI (Protected Health '
'Information)']},
'date_detected': '2020-10-24',
'date_publicly_disclosed': '2021-02-16',
'description': 'On February 16, 2021, the California Office of the Attorney '
'General reported a data breach involving Harvard Eye '
'Associates that occurred on October 24, 2020. The breach '
'involved unauthorized access to patient information, '
'including names, addresses, phone numbers, email addresses, '
'dates of birth, medical history, health insurance '
'information, and medications, though no social security '
'numbers or financial information were compromised. '
'Approximately 900 individuals may have been affected by this '
'breach.',
'impact': {'data_compromised': ['names',
'addresses',
'phone numbers',
'email addresses',
'dates of birth',
'medical history',
'health insurance information',
'medications'],
'identity_theft_risk': 'Low (no SSNs or financial data '
'compromised)',
'payment_information_risk': 'None'},
'references': [{'date_accessed': '2021-02-16',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely, given PHI '
'exposure)',
'California Consumer '
'Privacy Act (CCPA)'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Harvard Eye Associates',
'type': 'Data Breach'}