Laurel Eye Clinic Data Breach Exposes Sensitive Information of Over 42,000 Individuals
Laurel Eye Clinic, a Pennsylvania-based ophthalmology and optometry practice with multiple locations, disclosed a data breach affecting 42,295 individuals across the U.S. The incident was first detected on January 26, 2025, when the clinic experienced a network disruption. Upon identifying suspicious activity, the organization immediately isolated its systems and engaged a third-party cybersecurity firm to investigate.
By March 6, 2025, forensic analysis confirmed that unauthorized access had occurred, with files containing sensitive data exfiltrated. A full review of the compromised information was completed on October 30, 2025, though notification efforts were delayed as the clinic verified affected individuals’ identities and contact details. Final notifications were sent via U.S. mail beginning April 22, 2026, more than a year after the breach was discovered.
The exposed data includes personally identifiable information (PII) such as names, dates of birth, Social Security numbers, driver’s licenses, and financial account details. Additionally, protected health information (PHI) including medical treatment records, health insurance account numbers, and provider details was compromised. The specific data types varied by individual.
State filings indicate that 22 Maine residents, 4 New Hampshire residents, and 37 Massachusetts residents were among those affected.
In response, Laurel Eye Clinic is offering 12 months of complimentary credit monitoring, fraud assistance, and identity theft restoration services through Cyberscout (a TransUnion company). Affected individuals must enroll within 90 days of receiving their notification letter, which includes a unique activation code. Support is available via a dedicated hotline (1-833-289-9962) or direct contact with the clinic.
The breach underscores the prolonged timeline between detection and notification in cybersecurity incidents, as well as the risks posed by unauthorized access to both financial and medical data.
Source: https://www.claimdepot.com/data-breach/laurel-eye-clinic-2026
Laurel Eye Clinic cybersecurity rating report: https://www.rankiteo.com/company/laurel-eye-clinic
{
    "id": "LAU1777069794",
    "linkid": "laurel-eye-clinic",
    "type": "Breach",
    "date": "1/2025",
    "severity": "85",
    "impact": "4",
    "explanation": "Attack with significant impact with customers data leaks"
}
{
    'affected_entities': [
        {
            'customers_affected': '42295',
            'industry': 'Ophthalmology and Optometry',
            'location': 'Pennsylvania, USA',
            'name': 'Laurel Eye Clinic',
            'type': 'Healthcare Provider'
        }
    ],
    'attack_vector': 'Unauthorized Access',
    'customer_advisories': '12 months of complimentary credit monitoring, fraud assistance, and identity theft restoration services through Cyberscout (TransUnion). Enrollment required within 90 days of notification. Support hotline: 1-833-289-9962.',
    'data_breach': {
        'data_exfiltration': 'Yes',
        'number_of_records_exposed': '42295',
        'personally_identifiable_information': [
            'Names',
            'Dates of birth',
            'Social Security numbers',
            'Driver’s licenses',
            'Financial account details',
            'Health insurance account numbers',
            'Provider details'
        ],
        'sensitivity_of_data': 'High',
        'type_of_data_compromised': [
            'Personally Identifiable Information (PII)',
            'Protected Health Information (PHI)'
        ]
    },
    'date_detected': '2025-01-26',
    'date_publicly_disclosed': '2026-04-22',
    'description': 'Laurel Eye Clinic, a Pennsylvania-based ophthalmology and optometry practice with multiple locations, disclosed a data breach affecting 42,295 individuals across the U.S. The incident involved unauthorized access and exfiltration of sensitive data, including personally identifiable information (PII) and protected health information (PHI).',
    'impact': {
        'data_compromised': 'Personally identifiable information (PII) and protected health information (PHI)',
        'identity_theft_risk': 'High',
        'operational_impact': 'Network disruption and isolation of systems',
        'payment_information_risk': 'High',
        'systems_affected': 'Network systems'
    },
    'investigation_status': 'Completed',
    'lessons_learned': 'Prolonged timeline between detection and notification in cybersecurity incidents; risks posed by unauthorized access to both financial and medical data.',
    'post_incident_analysis': {
        'corrective_actions': "Forensic analysis, data review, and delayed notification to verify affected individuals' identities and contact details.",
        'root_causes': 'Unauthorized access to network systems'
    },
    'recommendations': 'Offer credit monitoring, fraud assistance, and identity theft restoration services to affected individuals.',
    'references': [{'source': 'State filings and breach notification'}],
    'response': {
        'communication_strategy': 'Notifications sent via U.S. mail',
        'containment_measures': 'Isolated systems',
        'incident_response_plan_activated': 'Yes',
        'remediation_measures': 'Forensic analysis and data review',
        'third_party_assistance': 'Cybersecurity firm'
    },
    'title': 'Laurel Eye Clinic Data Breach Exposes Sensitive Information of Over 42,000 Individuals',
    'type': 'Data Breach'
}