

Phishing Scam Hits Colorado Eyecare Practice

Nearly 27,000 patients may have been affected.




Colorado Retina Associates in Denver has reported a breach of part of its secured computer network.


On Jan. 12, the practice “discovered that an unauthorized individual gained access to an employee’s work email account when that email account was used to send phishing emails to individuals in the employee’s electronic contacts,” according to a notice issued by the practice. Colorado Retina Associates reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights.

The practice “immediately began investigating, secured that email account, and subsequently secured CRA’s entire email environment.” It hired a national firm with forensic computer expertise to assist in the investigation and to determine the nature and scope of the breach.

The notice continued:

CRA’s forensic investigation concluded on February 24, 2021 and determined that there was unauthorized access to certain CRA email accounts and that two user accounts that had patient information, may have involved “syncing” (copying) of the email account by the unauthorized individual(s) between January 6, 2021 and January 17, 2021. CRA immediately began a detailed analysis and review of all the potentially compromised emails and attachments to identify the names of all individuals who were potentially impacted, as well as the type of information included in these files. Although CRA could not fully determine whether, and to what extent, the unauthorized individual(s) viewed any personal information, regrettably it is possible because of the syncing, that some patients’ personal information may have been acquired and could therefore be viewed by the unauthorized individual(s).


Personal information involved may have included any of the following: full name, date of birth, home address, phone number, email address, clinical information such as dates of service, diagnoses and conditions, labs and diagnostic studies, medications, other treatment or procedure information, and certain health insurance, claims, billing, and payment information. For less than 3% of involved individuals social security numbers were involved and for less than 0.2% of individuals, driver’s license, financial account, or payment card information was involved.

In response, CRA took immediate steps to enhance the protections that were in place before this incident. CRA made changes to how authorized individuals gain access to accounts and required password changes to all authorized employee accounts. CRA is reinforcing security awareness through reminders to its entire workforce. Additionally, CRA reported this incident to law enforcement for further investigation.
