Columbia Eye Clinic’s Data Security Incident Impacts Hundreds
Columbia Eye Clinic, a prominent ophthalmology practice in South Carolina, recently disclosed a significant data security incident. The breach, discovered on January 13th, 2025, involved unauthorized access to the clinic’s network between January 9th and 13th, 2025.
While the clinic describes the Data Breach incident as an “information technology network disruption that impacted the clinic’s accessibility to certain electronic systems,” the phrasing strongly suggests a ransomware attack.
The clinic’s investigation, still underway, aims to identify all affected individuals and the specific data compromised. Preliminary findings indicate that exposed information may include names, contact details, dates of birth, procedure codes, and pre-authorization data for eye procedures. Importantly, the clinic states that there’s no evidence of unauthorized access to its electronic medical record or practice management systems, and no indication of data misuse to date.
Following the incident, Columbia Eye Clinic took swift action. All passwords were reset, systems were rebuilt from backups, new devices and software were deployed, security policies were enhanced, new monitoring software was implemented, and overall IT security was strengthened.
The clinic has reported the breach to the HHS’ Office for Civil Rights, indicating that at least 500 individuals’ protected health information (PHI) may be involved. Individual notification letters will be sent once the investigation is complete.
The nature of the attack remains under investigation but the description points to a sophisticated intrusion. The clinic’s response demonstrates a proactive approach to remediation, including system rebuilds from backups, password resets, and enhanced security measures.
