Connect with us


Phishing Scam Hits Colorado Eyecare Practice

Nearly 27,000 patients may have been affected.




Colorado Retina Associates in Denver has reported a breach of part of its secured computer network.

Nearly 27,000 patients may have been affected.

On Jan. 12, the practice “discovered that an unauthorized individual gained access to an employee’s work email
account when that email account was used to send phishing emails to individuals in the employee’s electronic contacts,” according to a notice issued by the practice. Colorado Retina Associates reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights.

The practice “immediately began investigating, secured that email account, and subsequently secured CRA’s entire email environment.” It hired a national firm with forensic computer expertise to assist in the investigation and to determine the nature and scope of the breach.

The notice continued:

CRA’s forensic investigation concluded on February 24, 2021 and determined that there was unauthorized access to certain CRA email accounts and that two user accounts that had patient information, may have involved “syncing” (copying) of the email account by the unauthorized individual(s) between January 6, 2021 and January 17, 2021. CRA immediately began a detailed analysis and review of all the potentially compromised emails and attachments to identify the names of all individuals who were potentially impacted, as well as the type of information included in these files. Although CRA could not fully determine whether, and to what extent, the unauthorized individual(s) viewed any personal information, regrettably it is possible because of the syncing, that some patients’ personal information may have been acquired and could therefore be viewed by the unauthorized individual(s).


Personal information involved may have included any of the following: full name, date of birth, home address, phone number, email address, clinical information such as dates of service, diagnoses and conditions, labs and diagnostic studies, medications, other treatment or procedure information, and certain health insurance, claims, billing, and payment information. For less than 3% of involved individuals social security numbers were involved and for less than 0.2% of individuals, driver’s license, financial account, or payment card information was involved.

In response, CRA took immediate steps to enhance the protections that were in place before this incident. CRA made changes to how authorized individuals gain access to accounts and required password changes to all authorized employee accounts. CRA is reinforcing security awareness through reminders to its entire workforce. Additionally, CRA reported this incident to law enforcement for further investigation.

Since launching in 2014, INVISION has won 23 international journalism awards for its publication and website. Contact INVISION's editors at [email protected].



Introducing Crizal® Rock™

Did you know three out of four people wipe their lenses on their clothes?* Or that one out of three people accidentally drop their glasses at least once a week?* It's no surprise, then, that 93 percent of wearers consider scratch-resistance an important characteristic when choosing lenses.* To prove the durability of new Crizal Rock lenses, we ran tests inspired by real life situations. To learn more about new Crizal Rock, the most scratch-resistant Crizal No-Glare lenses ever made, visit *Study conducted by ⒸIpsos - Risky behaviors of eyeglass wearers - consumer quantitative research 2019 - declarative results - USA - n= 2345 eyeglass wearers

Promoted Headlines





Get the most important news and business ideas for eyecare professionals every weekday from INVISION.


Most Popular