Spectrum Eye Physicians Data Breach Lawsuit

Consumer Protection Attorneys in California

As of May 19, 2022, Spectrum Eye Physicians (“Spectrum”) has been made aware of two separate events, each of which may constitute a potential breach of certain patient records and information that may be considered electronic Protected Health Information (“ePHI”) pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Both breaches involve the systems of Spectrum’s third-party vendor, Eye Care Leaders (“ECL”). The first potential breach resulted from a vulnerability in the Alta Payment Portal of ECL’s billing system. The second potential breach resulted from a ransomware attack on the databases of ECL’s electronic medical record (“EMR”) system.

On May 19, 2022, Spectrum received notice from ECL concerning a potential breach of certain Spectrum patient information that may be considered ePHI pursuant to HIPAA. The breach resulted from a vulnerability in the ECL Alta Payment Portal, a vulnerability which had actually been discovered by a patient of Spectrum (among others). Spectrum notified Alta Billing, the billing service subsidiary of ECL (“Alta”), that one of its patients contacted Spectrum to inform them that, when the patient made payment on the Alta Payment Portal, he/she was able to see the payment receipt of (what he/she assumed was) another patient. Spectrum immediately informed Alta of the information leakage on October 26, 2021. Alta assured Spectrum that it would investigate the issue and follow-up if it was determined that the vulnerability affected more than this single user. Spectrum did not hear further from Alta until the May 19, 2022 notice. According to the notice, immediately upon being alerted to this vulnerability in its payment system, Alta retained an incident response team to investigate and remedy the vulnerability. Upon investigation, the response team discovered that it was possible to alter the website URL for the Alta Payment Portal, which allowed for unauthorized access to the payment receipts for patients who paid through the portal.

What Information Was Involved?

Based on the investigation, Alta has found that the following types of information were potentially compromised as a result of the vulnerability:

(i) For credit card transactions – transaction date and time, transaction identification number, patient name, statement numbers, last four digits of the credit card used to process the transaction, the amount processed, an email address associated with the transaction, and information input by the user in a comments section; and

(ii) For bank account transactions – transaction data, patient name, transaction identification number, last four numbers of the bank account used in the transaction, an email address associated with the transaction, and information input by the user in a comments section.

(2) DATA BREACH: MYCARE INTEGRITY EMR

What Happened? On March 1, 2022, Spectrum received a Notice of Data Breach from ECL informing the practice of a potential breach of certain patient records and information that may be considered ePHI pursuant to HIPAA. The breach resulted from a ransomware attack on the databases of ECL’s myCare Integrity EMR system (the “Integrity EMR”). ECL has estimated the date of the information leakage to be December 4, 2021, but was unable to confirm that ePHI was involved until the March 1, 2022 notice. As of this writing, ECL continues investigating the ransomware attack in order to determine the exact scope of the data breach. It is possible that, although certain ePHI records were deleted, they may not have been accessed, used or disclosed through the ransomware attack. According to ECL, the containers in which the PHI databases are stored are protected by encryption. The database tables themselves, however, are not encrypted at rest. Therefore, ECL cannot confirm or deny whether the PHI was accessed. Until we are informed otherwise, we are presuming that a breach occurred and are writing to provide you with the information that we do have, as well as steps you can take to protect yourself from further harm (at the conclusion of this letter).

On or around December 4, 2021, cyber attacker(s) acquired “full access” to the Integrity EMR hosted on Amazon Web Services (“AWS”) and deleted certain databases and system configuration files, including those containing PHI. The evidence indicates that the attacker accessed the Integrity AWS environment and executed several “delete” commands on December 4, 2021, between 7:18 PM ET and 7:29 PM ET, followed by a break in activity, then another “delete” event occurred at approximately 10:13 PM ET. The attacker also executed several “discover” commands to locate files within the Integrity EMR. No other command actions were evidenced during the attack timeframe.

ECL detected the activity in less than twenty-four (24) hours and ECL’s incident response team contained and began investigating the incident immediately upon discovering it. ECL’s response team immediately disabled the attack instance, revoked access to it, and forced system password changes. ECL also updated and changed several additional security features within the environment. Shortly after stopping the attack, ECL also began efforts to restore deleted files and databases from backups to limit customer impact to the availability of its patients’ PHI. ECL identified and restored available backups for many of the deleted databases. Work is ongoing to determine whether the remaining, unrestored databases can or need to be restored.

What Information Was Involved?

As of this writing, due to the methods of the attack and the limited log evidence available, ECL’s incident response team is unable to limit the scope of data that may have been compromised. Although ECL investigators have not identified any evidence that PHI was acquired or transferred outside of the Integrity EMR, there is insufficient evidence to allow investigators to conclude that such acquisition and transfer could not have occurred during the attack. Further, ECL’s investigation to date has not revealed any evidence that allows ECL to determine which specific patient information or data within the Integrity EMR system was accessed. As such, ECL has informed Spectrum to assume that this attack impacted all ePHI that was stored on the Integrity EMR.

*If your data was compromised, Spectrum Eye Physicians will send you a notice letter. If you received notice that your information was stolen due to a data breach incident, contact Potter Handy, LLP to join our class action lawsuit. No out-of-pocket expenses from you.

(858) 293-4614 Call now to review your case with our Data Breach intake specialist. During this call, our intake specialist will review your claim regarding the Spectrum Eye Physicians Lawsuit. 

*HIPAA and CMIA Violations – You may be entitled to damages or other remedies. If you received notice that your information was stolen due to a data breach incident, contact Potter Handy, LLP to join our class action lawsuit. No out-of-pocket expenses from you.

View example of what the letter looks like. If you received this letter contact our Law Firm.


Consumers Are Entitled to the Highest Level of Security

While identity thieves are becoming more and more sophisticated in their attempts to circumvent businesses’ data protection measures, it is the responsibility of the business to provide the highest level of security possible for its customers and employees.

*If your data was compromised, Spectrum Eye Physicians will send you a notice letter.


Contact Our California Data Breach Lawyers

Have you received notification that your personal information has been stolen as a result of a data breach? If this is the case, you may be entitled to compensation or other remedies.

Our attorneys at Potter Handy, LLP have been instrumental in protecting privacy rights.

(858) 293-4614 Call now to review your case with our Data Breach intake specialist. During this call, our intake specialist will review your claim regarding the Spectrum Eye Physicians Lawsuit.