[BreachExchange] Eye Care Associates targeted in ransomware attack

Destry Winant destry at riskbasedsecurity.com
Fri Aug 16 08:46:05 EDT 2019


The Valley's largest optometry practice, Eye Care Associates, Inc.,
was hit with a ransomware attack on July 28 at 4 a.m.

According to the Federal Trade Commission, ransomware is malicious
computer software that uses encryption tools to take data hostage or
denies users access until a ransom is paid.

All Eye Care Associates locations have been and continue to remain
open during the situation.

Director of Community Relations and Practice Development, Stephanie
Champlin, said no patient information was compromised in the attack,
and all of their data is backed up.

Because no patient information was accessed, Eye Care Associates has
not notified their patients of the ransomware attack.

Champlin said the main issue they have encountered is with their
scheduling system, which has made it difficult for patients to make
appointments and employees currently have limited access to the

"During this time, we remain committed to ensuring excellence in
patient care. We are continuing to see regularly scheduled patients as
well as patients that have unexpected changes in their vision. Also,
our EyeWear Galleries are continuing to meet the eye care needs of our
patients," she said.

Director of Operations, Mary Sierra, filed a police report with the
Beaver Township Police Department the day after the attack.

She reported a ransom malware program had locked them out of their
system until an unknown amount was paid.

According to the police report, Ron Lipinski, supervisor for Global
Business Solutions Corp., Eye Care Associates' third party IT company
responsible for their data backups, advised a Trojan virus had been
sent to an employee's email, proceeded to lock all users out of the
system and "the Trojan appears to have originated from North Korea."

The investigation into the attack has since been turned over to the FBI.
Eye Care Associates hopes to be back up and running by the end of the week.
“We want to apologize to patients attempting to schedule appointments.
However, we are taking every precaution to protect every record.
Although it is taking some time to do this, we chose the security of
our patient information over quick business recovery,” Champlin said.

More information about the BreachExchange mailing list