On February 14, 2025, Claris Vision Holdings, LLC disclosed a data breach affecting multiple affiliated vision care facilities. The breach occurred between July and August 2024, exposing patients’ Social Security numbers and medical records.
Claris Vision Holdings recently filed a data breach notice with the Attorney General of Massachusetts after discovering that an unauthorized party accessed parts of its computer network.
Claris Vision first detected a potential security incident in mid-2024 and launched an internal investigation to determine the extent of the breach. The findings confirmed that unauthorized access occurred between July 10, 2024, and August 5, 2024. The organization completed its investigation in December 2024, assessing the impact on patients.
Subsequently, on February 14, 2025, Claris Vision sent formal data breach notifications to the affected individuals.
This data breach compromises patients’ data from multiple affiliated facilities, including:
The Claris Vision breach notification letter states, “While we have no evidence of financial fraud or identity theft related to this data, we want to make you aware of the incident.”
The organization adds, “To protect you from potential misuse of your information, we are offering a complimentary 24-month membership of Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge.”
The Claris Vision data breach impacts multiple healthcare entities, each with its own patient network, amplifying its severity and ultimately affecting thousands across different practices and clinics.
Individuals who receive a data breach notification from Claris Vision must review the letter to understand what specific information was exposed. They should also enroll in the complimentary 24-month credit monitoring service provided and regularly check their financial and medical records for suspicious activity.
A breach occurs when an unauthorized party gains access to, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Healthcare organizations can adopt measures like multi-factor authentication, regular audits, employee training, and advanced encryption methods to protect patient data.