Their press release of today, via BusinessWire:
Randleman Eye Center is taking action after becoming aware of an incident in which some of our systems were accessed by an unauthorized person. While there is no evidence that suggests that any data was actually taken, we have notified individuals for whom we have contact information if their information may have been affected.
WHAT HAPPENED
On January 13, 2020 we became aware that beginning on or around January 10, 2020 malware was introduced by an unknown third-party into some of our systems. This malware encrypted certain files, including on a server that contained patient protected health information. The affected data may include first and last name, date of birth, gender, and digital retinal images. There is currently no evidence that suggests this malware incident actually resulted in the acquisition of any personal information beyond its encryption, but that possibility cannot be conclusively ruled out.
WHAT WE ARE DOING
We have taken steps to address this incident and to protect patients’ personal information from further unauthorized access, including by working diligently to contain the malware, and engaging a third-party forensics firm to investigate the scope and source of the incident. We continue to work on ways to mitigate the risk of future such incidents. Out of an abundance of caution, we are providing patients that may have been affected by this incident with one year of credit monitoring services at no cost to them.
WHAT YOU CAN DO
We encourage our patients to remain vigilant over the coming months and regularly review their bank and other financial account statements, as well as their credit report. Patients that have any reason to believe that they may be the victim of identity theft, or notice any suspicious activity on any of their accounts, should immediately notify the relevant institution, their local law enforcement agency, their state’s Attorney General, and the Federal Trade Commission.