Retina Group of Florida, an ophthalmology practice with 22 locations, suffered a major data breach affecting 152,691 patients. The incident, classified as a hacking attack, exposed highly sensitive personally identifiable information (PII) and protected health information (PHI), including names, addresses, dates of birth, Social Security numbers, driver’s license copies, health insurance details, medical records, and payment data. The breach significantly elevates risks of identity theft, financial fraud, and misuse of health data, as the exposed information can be exploited for malicious purposes. The company disclosed the incident to the U.S. Department of Health and Human Services (HHS) on September 3, 2025, and is notifying affected patients via mail. The severity stems from the large-scale compromise of critical patient data, which could lead to long-term reputational damage, legal repercussions, and financial losses for both the organization and its patients.
Source: https://www.claimdepot.com/data-breach/retina-group-of-florida-2025
TPRM report: https://www.rankiteo.com/company/retina-group-of-florida
"id": "ret5792457091025",
"linkid": "retina-group-of-florida",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '152,691 patients',
'industry': 'Ophthalmology / Eye Care',
'location': 'Florida, USA',
'name': 'Retina Group of Florida',
'size': '22 locations',
'type': 'Healthcare Provider'}],
'attack_vector': 'Hacking',
'customer_advisories': ['Review breach notices carefully',
'Monitor for identity theft',
'Consider credit freezes or fraud alerts',
'Avoid sharing personal information in response to '
'unsolicited contacts'],
'data_breach': {'data_exfiltration': 'Likely (based on exposed data types)',
'number_of_records_exposed': '152,691',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'Numbers',
"Driver's License "
'Copies',
'Health Insurance '
'Information',
'Medical Records',
'Payment Information'],
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'payment info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-09-03',
'description': 'Retina Group of Florida, an eye care medical group with 22 '
'locations, experienced a major data breach compromising '
'sensitive information of at least 152,691 patients. The '
'breach exposed personally identifiable information (PII) and '
'protected health information (PHI), including names, '
"addresses, dates of birth, Social Security numbers, driver's "
'license copies, health insurance information, medical '
'records, and payment information. The incident was disclosed '
'as a hacking event, increasing risks of identity theft, '
'financial fraud, and misuse of sensitive health data.',
'impact': {'brand_reputation_impact': 'High (risk of identity theft, '
'financial fraud, and misuse of '
'sensitive health data)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Addresses',
'Dates of Birth',
'Social Security Numbers',
"Driver's License Copies",
'Health Insurance Information',
'Medical Records',
'Payment Information'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Disclosed; ongoing (assumed)',
'recommendations': ['Monitor financial accounts and credit reports for signs '
'of identity theft',
'Place fraud alerts or credit freezes with major credit '
'bureaus',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information'],
'references': [{'source': 'Retina Group of Florida Breach Notice (via Claim '
'Depot)'},
{'source': 'Retina Group of Florida Website'}],
'regulatory_compliance': {'regulations_violated': ['Likely HIPAA (Health '
'Insurance Portability and '
'Accountability Act)'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services (HHS)',
'State regulators '
'(unspecified)']},
'response': {'communication_strategy': ['Notification to affected patients '
'via mail',
'Disclosure to U.S. Department of '
'Health and Human Services (HHS)',
'State and federal regulatory '
'disclosures']},
'stakeholder_advisories': ['Patient notifications via mail',
'Public disclosure to HHS and state regulators'],
'title': 'Retina Group of Florida Data Breach (2025)',
'type': 'Data Breach'}