SWANSEA, IL — JFJ Eyecare Ltd., doing business as Quantum Vision Centers and Eye Surgery Center LLC, announced that some of its systems were accessed by an unauthorized person.
“While there is no evidence that suggests that any data was actually taken, Quantum Vision Centers and Eye Surgery Center have mailed letters to individuals whose information may have been affected,” the company stated in a press release.
On April 18, Quantum Vision Centers and Eye Surgery Center “became aware of an incident in which malware was introduced by an unauthorized person into some of their systems,” according to the release.
The malware encrypted certain files, including on a server that contained patient protected health information. The types of affected data may include first and last name, date of birth, address, social security number and information relating to health insurance coverage.
“There is currently no evidence that suggests this malware incident actually resulted in the acquisition of any personal information beyond its encryption, but that possibility cannot be conclusively ruled out,” the company stated.
Quantum Vision Centers and Eye Surgery Center have taken steps including “working diligently to contain the promulgation of the malware, and engaging a third-party forensics firm to investigate the scope and source of the incident.” They also deployed backup measures to recover the data that had been encrypted by the malware and to ensure that the services to patients could continue with limited interruption.
“Quantum Vision Centers and Eye Surgery Center continue to work on ways to mitigate the risk of future such incidents,” according to the release. “Out of an abundance of caution, they are providing patients that may have been affected by this incident with one year of credit monitoring services at no cost to them.”
Quantum Vision Centers and Eye Surgery Center encourage patients to remain vigilant over the coming months and regularly review their bank and other financial account statements, as well as their credit report. Patients that have any reason to believe that they may be the victim of identity theft, or notice any suspicious activity on any of their accounts, should immediately notify the relevant institution, their local law enforcement agency, their state’s Attorney General and the Federal Trade Commission.