Eyemart Express posted a notice of breach in local media:
Farmers Branch, Texas, March 21, 2021 — Eyemart Express, LLC has discovered it was targeted by a cyber attack that affected certain Eyemart Express email accounts. Importantly, the attack did not affect Eyemart Express’ internal systems that store medical or billing records. Once the incident was discovered on December 11, 2020, Eyemart Express immediately took steps to stop the attack and conducted a thorough investigation of the incident. The investigation revealed that the unauthorized actor accessed limited personal information for a small number of Eyemart Express customers. The information included names, e-mail addresses, and the subject lines of email communications between Eyemart Express and those customers, such as email subject lines regarding eye exam appointments and eyeglass order status updates. Eyemart Express notified all those affected customers by letter. There is no evidence at this time that the incident, which began on August 21, 2020, affected additional customers or additional personal information, but we learned that the unauthorized actor may have been capable of obtaining additional personal information located in certain email accounts. Therefore, in order to be as transparent as possible, Eyemart Express is providing this general notice to all customers. Eyemart Express customers with questions about the incident may call 855-654-0481 toll-free for additional information, Monday through Friday, 8:00 a.m. to 8:00 p.m. CT. Eyemart Express provides eyewear at over 200 locations nationwide, and also does business as Eyewear Express, Vision 4 Less, and Visionmart Express.
Source: Waco Tribune
Comment: This seems to be a reportable HIPAA breach, so we may see it on HHS’s public breach tool at some point.