Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Ilumin notifies OCR of data security incident

Arkfeld, Parson, and Goldstein, P.C., doing business as Ilumin, notified, on 29 April 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 14,984 individuals. In particular, Ilumin explained that it had discovered a data breach by its business associate and electronic medical record provider, Eye Care Leaders ('ECL'), which experienced a cyber attack that resulted in the unauthorised access to its databases and files. Moreover, Ilumin stated that ECL had started an investigation, which concluded that the information impacted includes full names, demographic information (such as addresses and dates of birth), driver's license numbers, insurance information, and clinical information (such as diagnosis/condition, physician's names, treatment information, medications, and procedures).

Lastly, Ilumin detailed that after learning of the attack, ECL took a number of important steps to prevent similar incidents from occurring in the future, such as reviewing access controls, updating data storage security procedures, and strengthening network protections.

You can access details on the OCR portal here and read the notice here.