Texas Retina Associates Gets Pwned…. Lots Of Personally Identifiable Information Has Been Leaked
Ophthalmology practice Texas Retina Associates yesterday notified nearly 300,000 customers about a data breach earlier in the year that compromised names, Social Security numbers, medical info, health insurance info, addresses, and dates of birth:
On June 26, 2024, Texas Retina Associates (“Texas Retina”) filed a notice of data breach with the Attorney General of Texas after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, Texas Retina explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, medical information, health insurance information and dates of birth. Upon completing its investigation, Texas Retina began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
Rogier Fischer, CEO and Co-Founder, Hadrian, had this to say:
“We don’t have the specific details on the cause of breach or the impact of it, but based on the cases that we handled in the US, we see several issues firms in the US, particularly Texas, could face in such a situation. If a data breach occurs at a Texas-based firm, the Texas Business and Commerce Code mandates that the firm must notify affected individuals immediately. If over 250 residents are affected, the Texas Attorney General must also be informed. HIPAA rules come into play if any medical information was compromised, as in this case. The HIPAA provisions demand specific notifications and call for potential penalties on non-compliance.
The business or organization in question may face scrutiny from the FTC if their data security measures are deemed inadequate. Possible penalties in that case include fines, civil damages, and orders to improve our security protocols. Apart from the regulatory compliance issues, the organization could face potential class action lawsuits from affected individuals, citing negligence or breach of privacy. In this particular case, the Texas Attorney General could also pursue legal action, leading to civil penalties and mandated corrective actions. There are several steps to mitigate the damage in these situations, but adopting an offensive cybersecurity strategy is the best defense of all. Automated penetration testing keeps the organization a step ahead of their peers, while automated compliance and reporting ensures that the systems they have in place are up and updated all the time.”
I think it’s a pretty safe bet that Texas Retina Associates are about to come under a lot of scrutiny over this… Whatever this is, as details are pretty scarce. I hope they have answers for all the questions that they’re about to be asked.
August 18, 2025 at 10:56 am
What’s crazy is that patients aren’t the only ones involved in this data breach. Former Texas Retina Associates employees were affected. I worked there over 7 years ago and I received that letter, and TRA didn’t even make sure they had a current address. So the ‘free credit monitoring’ they offered me was useless since my parents didn’t know the letter was time sensitive. They should never have kept my employee information for so long, anyway!