On February 14, 2025, Claris Vision Holdings, LLC disclosed a data breach affecting multiple affiliated vision care facilities. The breach occurred between July and August 2024, exposing patients’ Social Security numbers and medical records.
What happened
Claris Vision Holdings recently filed a data breach notice with the Attorney General of Massachusetts after discovering that an unauthorized party accessed parts of its computer network.
Claris Vision first detected a potential security incident in mid-2024 and launched an internal investigation to determine the extent of the breach. The findings confirmed that unauthorized access occurred between July 10, 2024, and August 5, 2024. The organization completed its investigation in December 2024, assessing the impact on patients.
Subsequently, on February 14, 2025, Claris Vision sent formal data breach notifications to the affected individuals.
Going deeper
This data breach compromises patients’ data from multiple affiliated facilities, including:
- Eye Health Associates Inc.,
- Eye Health Associates of RI Inc.,
- Koch Eye Associates LLP,
- Candescent Eye Surgicenter LLC (dba St. James Surgery Center),
- Candescent Eye Health Surgicenter LLC (dba Greater New Bedford Surgery Center).
What was said
The Claris Vision breach notification letter states, “While we have no evidence of financial fraud or identity theft related to this data, we want to make you aware of the incident.”
The organization adds, “To protect you from potential misuse of your information, we are offering a complimentary 24-month membership of Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge.”
Why it matters
The Claris Vision data breach impacts multiple healthcare entities, each with its own patient network, amplifying its severity and ultimately affecting thousands across different practices and clinics.
The bottom line
Individuals who receive a data breach notification from Claris Vision must review the letter to understand what specific information was exposed. They should also enroll in the complimentary 24-month credit monitoring service provided and regularly check their financial and medical records for suspicious activity.
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
See also: How to respond to a data breach
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
How can healthcare organizations prevent breaches?
They can adopt measures like multi-factor authentication, regular audits, employee training, and advanced encryption methods to protect patient data.
Learn more: HIPAA Compliant Email: The Definitive Guide
