DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Reeve-Woods Eye Center notifies 30,000 patients after malware discovered on computers

Posted on December 16, 2014 by Dissent

One of the recent additions to HHS’s public breach tool involves a breach at Reeve-Woods Eye Center in California.

In a November 12th notification letter to those affected, they write:

Dear Patient or Patient’s Personal Representative,

I am writing on behalf of Reeve-Woods Eye Center (the “Eye Center”), which is an eye clinic with two facilities: (1) 460 W. East Avenue, Suite 110, Chico, California 95926; and (2) 6009 Pentz Road, Paradise, California 95969. We recently discovered a security breach of the Eye Center’s computer systems that may have compromised the privacy of patients’ personal health information. We are sending this letter to you to notify you of a possible breach of your personal information as part of our commitment to patient privacy.

On September 17, 2014, our information technology consultant discovered that unknown individuals had breached the Eye Center’s server and installed malware on two computers, one at each facility. The malware was capturing screenshots (i.e., a copy or image of what is seen on a computer screen at a given time) which included patients’ protected health information. We suspect the malware may have been installed in or around August 2014. The following is a non-exhaustive list of the types of information about patients that may have been accessed: name; social security number; date of birth; home address; phone numbers; dates of service; Medi-Cal ID number, Medicare ID number, and/or other insurance information; information regarding Medi-Cal appeals; diagnosis codes; treatment information; and medical history.

As of the date of this notice, we have not seen any evidence that shows patients’ information was actually viewed or otherwise utilized by a third party. Our investigation, however, is ongoing, and we may uncover evidence your personal information was inappropriately accessed. We are alerting all of our current and former patients about the security breach and ongoing investigation. In addition to heightening our computer system’s security, we have ensured that the malware was removed from our computers and will be providing additional training to our staff concerning the protection of patient information. We have not yet identified the individuals responsible for this, but we have notified federal law enforcement and are taking further steps to avoid any future breaches of our computer systems.

[…]

A copy of the full notification letter is available on the California Attorney General’s web site (pdf).

According to their notification to HHS, 30,000 patients were potentially affected by this breach.

Category: Uncategorized

Post navigation

← Guardians of Peace issue first “Christmas Gift” and a warning
Fairfax County Notice: Unauthorized Vendor Release of Personal and Medical Information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.