Wolfe Eye Clinic reveals cyber attack
Wolfe Eye Clinic announced Tuesday it will notify approximately 500,000 patients that their personal information may have been inappropriately accessed as a part of a cyber-related incident.
On Feb. 8, Wolfe Eye Clinic was the target of a deliberate cyberattack involving an unauthorized third-party attempting to gain entry to the company’s computer network and then blocking access to some systems and information. After detecting this incident, Wolfe Eye Clinic responded immediately and began a thorough investigation with assistance from independent IT specialists and forensic investigators to determine the scope and extent of access to the clinic’s systems and any sensitive information. The threat actors demanded a ransom, which was not paid. Given the complexity and scale of the cyberattack detected, the full scope of information potentially impacted was not fully realized until May 28.
“We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause,” said Luke Bland, chief financial officer at Wolfe Eye Clinic. “We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information.”
The comprehensive forensic investigation into this incident concluded on June 8. To date, there have not been any reports of related identity theft since the incident occurred in February.
However, Wolfe Eye Clinic is notifying all potentially affected individuals, including employees and some vendors, about the possible unauthorized access to their personal information.
Wolfe Eye Clinic will begin sending notification letters via U.S. mail to potentially impacted individuals later this week. These letters include additional information about what occurred and outline what information that could have been exposed. Additionally, all potentially impacted individuals will be offered up to 12 months of credit monitoring and identity theft protection services through IDX.
A toll-free phone number and a dedicated website (https://response.idx.us/wolfe) have been established for individuals who have questions or concerns. The call center, which is run by IDX, can be reached at 1-833-909-3906 and is available 8 a.m. to 8 p.m., Monday through Friday. Information regarding this incident and the services being provided have also been posted on the Wolfe Eye Clinic website.
“Unfortunately, these types of cyber incidents have become all-too-common for health care providers of all sizes nationwide,” Bland said. “We recognize the significance of this incident and moved quickly to address it once we became aware of its occurrence.”