Lawyers for Redwood Eye Center in Vallejo, California have notified the California Attorney General’s Office that on September 20, the eye center was alerted to a ransomware attack on their EMR hosting vendor, IT Lighthouse. The incident resulted in some patient information being locked up, including names, addresses, dates of birth, health insurance information, and medical treatment information. The notification does not indicate the type of ransomware involved.
Both the vendor and eye center retained expert help to address the incident and restore access to patient records. Although the center is not aware of any risk to patient data as a result of the incident, they notified 16,055 California patients, and we may also see this incident reported to HHS. It is not clear from their external counsel’s letter whether any non-California residents were also affected by the ransomware attack, and if so, how many.
As part of their response to the incident, REC appears to have switched hosting vendors.