Carolina Eyecare Physicians Notifies Patients of Third-Party Data Security Incident

Carolina Eyecare Physicians has recently become aware that a third party data security incident may have resulted in unauthorized access to the sensitive personal information of some of our patients. In 2021, Carolina Eyecare Physicians was using the electronic medical records platform “myCare Integrity,” which was provided by the practice performance company Eye Care Leaders (“ECL”). This incident has affected eye care practices across the country, and is not specific to Carolina Eyecare Physicians. There is no evidence of any attempted or actual misuse of any personal information. However, out of an abundance of caution, Carolina Eyecare Physicians is notifying, via mail, any patient whose information may have been stored on the myCare Integrity system at the time of a data security incident, and is providing resources to help protect potentially affected individuals. This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Carolina Eyecare Physicians.

According to Eye Care Leaders, on or around December 4, 2021, an unauthorized party accessed myCare Integrity data and deleted databases and system configuration files. According to Eye Care Leaders, upon identifying the activity, Eye Care Leaders’ incident response team immediately stopped the unauthorized access and began investigating the incident. Notably, there was no evidence that this incident involved unauthorized access to any of Carolina Eyecare Physicians’ patient records.

On April 19, 2022, ECL completed its investigation and stated that a lack of available forensic evidence prevented Eye Care Leaders from ruling out the possibility that some protected health information and personally identifiable information may have been exposed to the bad actor. As stated above, there was no evidence that this information was actually accessed by the bad actor.

As of this writing, Carolina Eyecare Physicians has not received any reports of identity theft related to this incident. However, in the interest of complete transparency, the information present during the period of unauthorized access may have included our patients’ name, address, date of birth, diagnostic information, and health insurance information.

On June 16, 2022, Carolina Eyecare Physicians began sending written notifications to individuals whose personal information or protected health information was contained in the potentially accessed or acquired files for whom it has contact information. Carolina Eyecare Physicians has also arranged for complimentary identity theft protection services for those individuals. Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. In addition, Carolina Eyecare Physicians is providing a toll free number, 1 (855) 503-1858, Monday through Friday 9:00 a.m. to 6:30 p.m. Eastern Time, excluding all major U.S. Holidays., if any current or former patients have questions.

Carolina Eyecare Physicians sincerely regrets any inconvenience or concern that this matter may cause, and remains dedicated to ensuring the privacy and security of all information in our control.