Panorama Eyecare Hit by Ransomware

Another ransomware attacker stole hundreds of thousands of patients’ protected health information (PHI).

Colorado-based eye care management company Panorama Eyecare (Panorama) recently notified 377,911 individuals of a data breach that occurred in May 2023. The individuals affected include current and former patients and employees.

Panorama is an eyecare management services organization based in Fort Collins, Colorado. Some of its partner eyecare providers include Eye Center of Northern Colorado, Panorama Lasik, Denver Eye Surgeons, Cheyenne Eye Clinic & Surgery Center, Evergreen Vision Clinic, P.C., Haas Vision Center, Windsor Eye Care & Vision Center, and Arvada Vision & Eye Clinic. Panorama employs more than 500 people and generates approximately $73 million in annual revenue.

Panorama filed breach reports in Maine and Massachusetts and with the Office for Civil Rights (OCR) earlier this month.

How the Hack Unfolded

Panorama first detected the breach on June 3, 2023, but its investigation revealed that the hackers had infiltrated its network thirteen days earlier, on May 22. The company’s year-long investigation, which concluded on May 9, 2024, revealed that the hackers had potentially accessed and removed files from the network, leaving a trail of potential data misuse.

In its website Notice of the Incident, Panorama explains that the data compromised included name, address, telephone number, date of birth, Social Security number, driver’s license number, driver’s license state, military identification number, passport number, Alien Registration Number, bank account number, routing number, credit and/or debit card number, expiration date, security code/PIN number, medical history, lab results, retina scans, prescription information, treating/referring physician name, patient number, medical treatment information, medical diagnosis information, medical record number (MRN), health insurance information, Medicare or Medicaid number, username and password, email address/username and password, security question and answer.

The specific data breached varies by individual.

Although Panorama does not mention the LockBit ransomware group in its website notice, last July, DataBreaches.net reported that the LockBit group had claimed the attack on Panorama and said it stole 798 gigabytes of data. However, since then, LockBit has been dismantled by a coalition of international law enforcement.

Lawsuits are Likely to Follow

Similar to other healthcare data breaches of this size, a class action lawsuit is likely. Law firms are already advertising to find potential victims of the incident to determine whether they want to join a class action.

Ransomware is Still a Major Threat

The takedown of LockBit was a significant victory, but ransomware remains a threat to healthcare and the public health sector. Many groups are still operating and succeeding.

Today, on June 18, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert about a “ransomware-as-a-service” (RaaS) group called Qilin, aka Agenda. A RaaS operator profits by partnering with other hackers who leverage its tools and infrastructure to carry out ransomware attacks in exchange for 15-20% of the proceeds. Qilin is known to attack organizations in various countries and industries, including manufacturing, healthcare, and financial, legal, and professional services.

The biggest healthcare hack in history, at Change Healthcare in February 2024, was a ransomware attack by the ALPHV/Blackcat group.

Prevent and Defend Against Ransomware

The best defense against ransomware is to follow the HIPAA Security Rule. Conduct an annual HIPAA Risk Analysis, update your cybersecurity defenses, and stay current on the latest cybersecurity advice from CISA, the FBI, and HHS. Visit StopRansomware.gov.

Workforce training is essential. Cyber attack methods are sophisticated and evolving. Staff need to be aware of the tactics so they have the best chance to maintain data security and fight back against phishing.

Get started today. Ramp up compliance and strengthen your cybersecurity before an attack happens.
