USA: Ilumin notifies OCR of data security incident
Arkfeld, Parson, and Goldstein, P.C., doing business as Ilumin, notified, on 29 April 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 14,984 individuals. In particular, Ilumin explained that it had discovered a data breach by its business associate and electronic medical record provider, Eye Care Leaders ('ECL'), which experienced a cyber attack that resulted in the unauthorised access to its databases and files. Moreover, Ilumin stated that ECL had started an investigation, which concluded that the information impacted includes full names, demographic information (such as addresses and dates of birth), driver's license numbers, insurance information, and clinical information (such as diagnosis/condition, physician's names, treatment information, medications, and procedures).
Lastly, Ilumin detailed that after learning of the attack, ECL took a number of important steps to prevent similar incidents from occurring in the future, such as reviewing access controls, updating data storage security procedures, and strengthening network protections.