Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
USA: Ilumin notifies OCR of data security incident
Arkfeld, Parson, and Goldstein, P.C., doing business as Ilumin, notified, on 29 April 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 14,984 individuals. In particular, Ilumin explained that it had discovered a data breach by its business associate and electronic medical record provider, Eye Care Leaders ('ECL'), which experienced a cyber attack that resulted in the unauthorised access to its databases and files. Moreover, Ilumin stated that ECL had started an investigation, which concluded that the information impacted includes full names, demographic information (such as addresses and dates of birth), driver's license numbers, insurance information, and clinical information (such as diagnosis/condition, physician's names, treatment information, medications, and procedures).
Lastly, Ilumin detailed that after learning of the attack, ECL took a number of important steps to prevent similar incidents from occurring in the future, such as reviewing access controls, updating data storage security procedures, and strengthening network protections.
You can access details on the OCR portal here and read the notice here.