Columbia Eye Clinic begins investigating likely ransomware attack

The South Carolina-based eye care center recently published a notice informing customers of a possible breach. 

What happened

According to the notice posted online, Columbia Eye experienced a network disruption on January 13th, 2025. The incident disrupted the clinic’s ability to access some of its systems. Soon after, the clinic brought in cybersecurity specialists, who determined that an unauthorized actor accessed the network between January 9th, 2025, and January 13th, 2025. Some files may have been accessed, and a team is currently working to review the affected files and determine who may have been impacted. 

Columbia Eye Clinic says they will notify individuals whose personal information was potentially impacted after the review. 

Going deeper

While the investigation is ongoing, Columbia Eye believes impacted data may include names, contact information, date of birth, procedure codes, and additional information needed for pre-approval of eye-related procedures. Currently, the clinic has no evidence that any data has been misused to commit fraud. 

In response to the breach, Columbia Eye reset all user passwords, created a new IT environment using backup systems, issued new devices and software, added additional monitoring software, implemented enhanced security policies and procedures to protect access to the data, and took further steps to harden the environment. 

The company says they are committed to preventing similar incidents from occurring in the future. 

The bottom line 

Currently, Columbia Eye is considering the event may have been a ransomware attack. The clinic is continuing to investigate the incident. They have not yet confirmed how many individuals were impacted in the breach, but reported to the HHS that at least 500 people were affected. As the investigation wraps up, we’ll likely have updated numbers and additional information. Furthermore, it’s possible a ransomware organization may claim the attack in the future. 

FAQs

What is a ransomware attack? 

A ransomware attack is when a malicious organization encrypts data, preventing it from being accessed by the legitimate owner. The attacker then demands a sum of money in exchange for providing a “key” that allows the data to be accessed again.

How should organizations handle ransomware attacks?

Healthcare companies should never negotiate with malicious organizations. Once data has been accessed by a ransomware group, healthcare organizations should assume it may be sold or leaked, regardless of if a payment is made. It’s generally advised to not pay ransoms, as this can embolden attackers and does not guarantee data to be decrypted or secured.