DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Rundle Eye Care notifies patients of data breach

Posted on January 21, 2023 by Dissent

At some time before or in early October, the Everest Ransom Team hacked Rundle Eye Care in California. On January 11, Drs. Keith and Herman Rundle notified patients and the California Attorney General’s Office about the incident.

In their notification, the doctors do not reveal precise dates of the attack or its discovery but claim that they recently

detected and stopped a network security incident. An unauthorized third party temporarily gained access to our network environment. Although we have found no evidence that your information has been specifically misused as a result of the incident, an investigation revealed that the following categories of your information which may have been exposed: name, date of birth, and treatment information.

Their notification to patients is dated approximately three months after the attack. And although the notification claims patient data “may have been exposed,” it does not tell patients their data was actually stolen and leaked publicly back in October.

Listing by Everest ransomware names Rundle Eye Care.
This listing appeared on Everest’s dark web leak site in early October 2022.

Everest’s listing on its leak site in early October claimed they acquired 30 GB of data from Rundle, including patient information. The listing also stated, “The owners of the company were notified of the incident in person and of the time frame. The company should contact us soon, otherwise more data will be released.”

According to Everest, then, the doctors knew back in October that the incident involved more than just exposure.

Whether Rundle’s physicians ever contacted Everest or not is unknown to DataBreaches, but on October 25, Everest leaked 20 GB of data on a well-known hacking forum accessible on the clear net and the dark web.

Screenshot of listing on hacking forum that offers data from Rundle Eye Care.
On October 25, Everest leaked data from Rundle Eye Care. Those files are no longer available at the free upload site but were at the time.

As of publication, there is no listing for this incident on HHS’s public breach tool and the total number of patients affected is unknown.

DataBreaches reached out to Everest Team to ask whether they had encrypted any of the files (they usually do not encrypt) and whether they had leaked all of the data they had exfiltrated. This post will be updated when a reply is received.

Update: On February 3, this incident was added to HHS’s breach tool with a submission date of January 12, 2023. The doctors reported that 7,528 patients were affected.

Related posts:

  • Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach
  • Operation Anti Security Breakdown and targets, the full time line
  • BUSTED? A blackhat’s revenge exposes a 2-year old patient data hack that Holland Eye Surgery & Laser Center failed to disclose
Category: Breach IncidentsHack

Post navigation

← BlackCat adds NextGen to its leak site, but …. where did it go?
TSA ‘no fly’ list leaked after being found on unsecured airline server →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.