Asheville Eye Associates Data Breach

Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the Asheville Eye Associates data breach.

As part of their investigation, they need to hear from individuals who received a notice stating they were impacted.

Asheville Eye Associates, PLLC, which operates 10 eye care centers in Western North Carolina, reported a data breach to the U.S. Department of Health and Human Services (HHS) that affected 193,306 people.

According to cybersecurity news publication SuspectFile.com, ransomware group DragonForce has claimed responsibility for the Asheville Eye Associates data breach and posted on its blog that the stolen data amounts to nearly 540GB. SuspectFile.com confirmed the authenticity of the data, writing that it includes personal and health data belonging to Asheville Eye Associates patients and employees. 

The compromised files reportedly contain patients' names, emails, dates of birth, Social Security numbers, patient account numbers, diagnosis information and more. Physicians may have had their addresses, phone numbers, spouses' names, driver's licenses, passports, Social Security numbers, and professional licenses exposed, according to SuspectFile.com. The publication wrote that HR documents, health insurance details, diagnostic images, administrative documents and payment details for medical services were also compromised.

It is worth noting that all data breaches involving the protected health information of more than 500 individuals must be reported to the HHS secretary.

If your information was exposed in the breach, attorneys want to hear from you. You may be able to start a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

A successful case could also force Asheville Eye Associates to ensure it takes proper steps to protect the information it was entrusted with.