Orem Eye Clinic Hit by Ransomware Attack, Exposing PHI of Nearly 6,000 Patients
Orem Eye Clinic, an optometry practice in Orem, Utah, suffered a ransomware attack in early 2026, compromising the protected health information (PHI) of approximately 5,800 individuals. The breach was first publicly disclosed on January 26, 2026, when the ransomware group NightSpire claimed on the dark web to have exfiltrated 1 terabyte of data from the clinic.
While the exact timeline of the attack and its discovery remains unclear, the stolen data may include names, addresses, dates of birth, Social Security numbers, medical records, diagnoses, treatment histories, prescription details, health insurance information, and billing records. The clinic reported the incident to the U.S. Department of Health and Human Services (HHS) on March 19, 2026, though further specifics about the compromised data have not been released.
Affected patients were advised to contact Orem Eye Clinic directly for additional details. The full scope of the breach and its potential impact on individuals are still under investigation.
Source: https://www.claimdepot.com/data-breach/orem-eye-clinic-2026
Orem Eye Clinic cybersecurity rating report: https://www.rankiteo.com/company/orem-eye-clinic
"id": "ORE1778538535",
"linkid": "orem-eye-clinic",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5800',
'industry': 'Healthcare',
'location': 'Orem, Utah, USA',
'name': 'Orem Eye Clinic',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Affected patients were advised to contact Orem Eye '
'Clinic directly for additional details.',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '5800',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'Numbers',
'Medical Records',
'Diagnoses',
'Treatment Histories',
'Prescription Details',
'Health Insurance '
'Information',
'Billing Records'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2026-01-26',
'description': 'Orem Eye Clinic, an optometry practice in Orem, Utah, '
'suffered a ransomware attack in early 2026, compromising the '
'protected health information (PHI) of approximately 5,800 '
'individuals. The breach was first publicly disclosed on '
'January 26, 2026, when the ransomware group NightSpire '
'claimed on the dark web to have exfiltrated 1 terabyte of '
'data from the clinic. The stolen data may include names, '
'addresses, dates of birth, Social Security numbers, medical '
'records, diagnoses, treatment histories, prescription '
'details, health insurance information, and billing records.',
'impact': {'data_compromised': '1 terabyte', 'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Incident Disclosure'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services (HHS) '
'reported on '
'2026-03-19']},
'threat_actor': 'NightSpire',
'title': 'Orem Eye Clinic Hit by Ransomware Attack, Exposing PHI of Nearly '
'6,000 Patients',
'type': 'Ransomware'}