Retina Group of Florida and Hampton Regional Medical Center have each disclosed cybersecurity incidents that may have exposed patient information. The two cases span separate timeframes and practices — an ophthalmology network and a general acute care hospital — and together underline ongoing risk to protected health information (PHI) within U.S. care providers. Both organizations say they identified the incidents, launched investigations, and are notifying potentially affected patients.
Retina Group of Florida Confirms November 2024 Intrusion and Large PHI Exposure
Retina Group of Florida, a multi-physician ophthalmology practice with 22 offices focused on retinal disease, reported that suspicious activity consistent with an intrusion was first identified on November 9, 2024. A subsequent internal investigation determined the unauthorized network access began on November 6, 2024, and continued through November 9, 2024. During that four-day window, patient data may have been copied from systems the practice controls.
The practice completed its review of exposed files on August 18, 2025 and verified contact information over the following month to prepare notification letters. The notification process began on September 16, 2025, and the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) was notified on September 9, 2025. In its breach filing, Retina Group of Florida reported that the electronic protected health information of up to 152,691 individuals was potentially compromised.
Retina Group said it took immediate action to secure the affected portion of its network and engaged third-party specialists to investigate and assist with containment. Affected individuals were offered complimentary credit monitoring and identity-theft protection services for 12 months as part of the notification.
The Retina Group incident joins a string of ophthalmology practice breaches this year; other reported incidents include a 107,000-record breach at Black Hills Regional Eye Institute and a 205,000-record breach at Asheville Eye Associates.
Hampton Regional Medical Center Discloses System Access Linking to June–July 2025 Activity
Hampton Regional Medical Center in Varnville, South Carolina, reported suspicious activity in its computer systems identified on or about July 16, 2025. The hospital’s investigation confirmed that an unauthorized third party had access to certain systems between June 18 and July 16, 2025, and that during that interval patient data may have been copied.
Hampton Regional said the organization is performing a file review to determine which patients were affected and which types of information were exposed. At this stage, known exposed information includes names, dates of birth, Social Security numbers, driver’s license or state identification numbers, other demographic details, and medical information. The hospital will mail notification letters to impacted individuals once the review is complete.
In public statements, Hampton Regional advised patients to monitor account statements, free credit reports, and explanation-of-benefits documents for signs of identity theft or fraud. The hospital said it is implementing additional administrative and technical safeguards and reviewing policies and procedures to strengthen security.
Investigation Timelines, Notifications, and Services Provided
Both providers followed a similar post-discovery workflow: identify suspicious activity, isolate affected systems, retain third-party forensic teams for investigation, and begin patient outreach after records were reviewed and contact information verified. Retina Group completed its internal review months after the intrusion and began notifications in mid-September 2025. Hampton Regional’s review is ongoing, and notification timing will depend on the scope of the file analysis.
Retina Group has provided a year of credit monitoring and identity-theft protection to affected patients. Hampton Regional has advised vigilance and said it will notify impacted patients once the review concludes.
Sector Context and Reported Trends
Healthcare and specialty practices have been frequent targets for intrusions that expose PHI. The recently reported ophthalmology breaches illustrate a pattern affecting similar provider types. OCR filings and public notices show the range of affected data elements — from contact information to highly sensitive identifiers like Social Security numbers — and the operational impact that extended forensic reviews and patient outreach entail.
What Officials Have Reported Publicly
- Retina Group of Florida: confirmed unauthorized access dated November 6–9, 2024; review completed August 18, 2025; notification began September 16, 2025; up to 152,691 individuals potentially affected; OCR notified September 9, 2025.
- Hampton Regional Medical Center: unauthorized access between June 18 and July 16, 2025; file review ongoing; known exposed data includes names, DOB, SSNs, driver’s license/state IDs, demographic and medical information; notifications to follow completion of review.
Summary
Two distinct healthcare providers have disclosed incidents that may have exposed patient PHI to unauthorized parties. Retina Group of Florida’s November 2024 intrusion affected a large number of patients and resulted in a months-long forensic review prior to notification. Hampton Regional Medical Center’s June–July 2025 exposure remains under review, with known data types already disclosed. Both organizations report containment steps, investigations, and patient notification plans.
