In October 2023, Retina Group of Washington (RGW), a healthcare provider in the Washington, D.C. area, suffered a breach in which hackers infiltrated its corporate network and exfiltrated protected health information (PHI) and personally identifiable information (PII) of approximately 450,000 patients. The compromised data included patient names, Social Security numbers, driver’s license details, payment information, and health insurance records. The breach stemmed from RGW’s alleged failure to implement basic security measures, such as encryption of sensitive data and defensible deletion policies for outdated records.

The incident led to a class-action lawsuit, with plaintiffs arguing that RGW neglected its duty to safeguard sensitive information. The case proceeded to a settlement in July 2025, in which RGW agreed to pay $300 per affected individual, provide two years of credit/identity monitoring, and enforce mandatory cybersecurity reforms. These included employee training programs, password complexity policies, written security protocols, and recurring audits. The breach not only resulted in financial and reputational damage but also exposed RGW to litigation costs, regulatory scrutiny, and operational disruptions, underscoring the critical need for proactive information governance in healthcare.
Source: https://www.jdsupra.com/legalnews/safeguarding-the-corporate-network-2695132/
TPRM report: https://www.rankiteo.com/company/retina-group-of-washington
"id": "ret2300223093025",
"linkid": "retina-group-of-washington",
"type": "Breach",
"date": "10/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '450,000 patients',
'industry': 'Healthcare (Ophthalmology)',
'location': 'Washington, D.C. area, USA',
'name': 'Retina Group of Washington (RGW)',
'type': 'Healthcare Provider'}],
'attack_vector': ['Phishing (suspected, based on U.K. government report '
'context)',
'Unauthorized network penetration'],
'customer_advisories': 'Settlement website for class members (details on '
'compensation and monitoring services)',
'data_breach': {'data_encryption': 'No (lack of encryption cited in '
'complaint)',
'data_exfiltration': 'Confirmed (records stolen by hackers)',
'number_of_records_exposed': '450,000',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Payment information',
'Health insurance '
'details'],
'sensitivity_of_data': 'High (SSNs, driver’s licenses, '
'payment/health insurance details)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)']},
'date_detected': '2023-10',
'date_resolved': '2025-07-25',
'description': 'In October 2023, the Retina Group of Washington (RGW) '
'experienced a data breach where hackers penetrated its '
'corporate network and stole records containing protected '
'health information (PHI) and personally identifiable '
'information (PII) of approximately 450,000 patients. The '
'stolen data included patient names, social security numbers, '
'driver’s license information, payment details, and health '
'insurance information. The breach led to litigation, '
'culminating in a settlement approved by a Maryland federal '
'court on July 25, 2025. The settlement included financial '
'compensation for affected individuals, credit monitoring '
'services, and mandatory governance reforms for RGW, such as '
'implementing a written information security policy, '
'cybersecurity training, password complexity requirements, and '
'recurring audits.',
'impact': {'brand_reputation_impact': 'Significant (settlement included '
'governance reforms to restore trust)',
'customer_complaints': 'Class-action lawsuits filed by affected '
'patients',
'data_compromised': ['Patient names',
'Social Security numbers',
'Driver’s license information',
'Payment information',
'Health insurance details'],
'financial_loss': {'credit_monitoring_costs': '2 years of credit '
'and identity theft '
'monitoring services '
'for affected '
'individuals',
'settlement_costs': '$300 per class member + '
'additional compensation '
'for time spent + '
'attorney’s fees (exact '
'total undisclosed)'},
'identity_theft_risk': 'High (stolen PII/PHI exposed patients to '
'identity theft)',
'legal_liabilities': 'Class-action litigation (In re Retina Group '
'of Washington Data Security Incident '
'Litigation, No. DKC 24-0004)',
'operational_impact': 'Litigation expenses, reputational harm, '
'mandatory governance reforms',
'payment_information_risk': 'High (payment details compromised)',
'systems_affected': 'Corporate network (specific systems '
'undisclosed)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (given nature of '
'stolen data)',
'high_value_targets': 'Patient PHI/PII (SSNs, '
'payment data)'},
'investigation_status': 'Resolved (settlement approved)',
'lessons_learned': ['Proactive information governance (encryption, defensible '
'deletion, training) reduces breach impact and litigation '
'costs.',
'Courts increasingly allow breach lawsuits to proceed, '
'emphasizing the need for pre-breach governance.',
'Employee ignorance is a major attack vector; training '
'and policies mitigate risks.',
'Settlements often mandate governance reforms, signaling '
'prior deficiencies.'],
'motivation': 'Likely financial (data theft for identity fraud or sale on '
'dark web)',
'post_incident_analysis': {'corrective_actions': ['Written information '
'security policy with '
'employee acknowledgment',
'Mandatory cybersecurity '
'training (annual + '
'updates)',
'Password complexity '
'requirements',
'Recurring security policy '
'audits'],
'root_causes': ['Lack of encryption for sensitive '
'data',
'No defensible deletion policy for '
'outdated data',
'Inadequate employee training on '
'phishing/ransomware risks',
'Weak password policies']},
'recommendations': ['Implement encryption for data in transit and at rest.',
'Adopt defensible deletion programs to reduce exposed '
'data.',
'Mandate cybersecurity training (new hires + annual '
'refreshers).',
'Enforce password complexity tied to access levels.',
'Conduct recurring audits of security policies.',
'Budget for governance measures as a long-term ROI '
'strategy.'],
'references': [{'source': 'HaystackID (via Phil Favro, Favro Law PLLC)'},
{'source': 'In re Retina Grp. of Washington Data Sec. Incident '
'Litig., No. DKC 24-0004, 2025 WL 2030241 (D. Md. '
'July 21, 2025)'},
{'source': 'Savidge v. Pharm-Save, Inc., No. 3:17-CV-186-CHB, '
'2025 WL 964446 (W.D. Ky. Mar. 31, 2025)'},
{'source': 'Ramirez v. Paradies Shops, LLC, 69 F.4th 1213 '
'(11th Cir. 2023)'},
{'source': 'U.K. Government Report on Ransomware (referenced '
'in article)'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit (settled '
'with governance reforms)'},
'response': {'communication_strategy': 'Settlement website for class members '
'(details on rights and remedies)',
'recovery_measures': ['$300 compensation per class member',
'Additional compensation for time spent '
'addressing breach issues',
'2 years of credit/identity theft '
'monitoring services'],
'remediation_measures': ['Written information security policy '
'(mandatory employee acknowledgment)',
'Mandatory cybersecurity education '
'program (new hires + annual training + '
'periodic updates)',
'Password complexity policy tied to '
'access levels',
'Recurring audits of data security '
'policies']},
'title': 'Retina Group of Washington Data Security Incident',
'type': 'Data Breach',
'vulnerability_exploited': ['Lack of encryption for sensitive data',
'Absence of defensible deletion policies',
'Inadequate employee training on cybersecurity '
'risks',
'Weak password policies']}