April 20, 2022

To our patients:

Providing patient care is our top priority at Affiliated Eye Surgeons, as well as safeguarding your personal, financial, and medical information. Nevertheless, despite our efforts we have learned that there was a possibility that personal health information (PHI) was breached by an outside cyberattack. We were informed by Eye Care Leaders, who provided our software for the electronic medical records (EMR), that on March 1st, 2022, they had an outside entity gain access to patient information. As mentioned in their notice listed below, “forensics team did not find any evidence that PHI or PII was acquired or exfiltrated; however, because some of our log files have been deleted, our forensics team cannot definitively rule out that possibility”. We are relying on Eye Care Leaders to investigate the breach, mitigate the harm and prevent further breaches.

  • The cyberattack was perpetrated by an attacker who acquired “full access” to sen sitive files and databases.
  • The attacker deleted several files and databases, including some containing PHI and PII and log files.
  • Our internal IT Team immediately restored many of the deleted files and databases; some databases and files, however, have not been fully restored, including some that contain PHI and PII and logs.
  • After the attack, we engaged multiple security experts to change our access protocols and improve our infrastructure to implement security best practices.
  • Our forensics team did not find any evidence that PHI or PII was acquired or exfiltrated; however, because some of our log files have been deleted, our forensics team cannot definitively rule out that possibility. Therefore, out of abundance of caution, we maintain our Notice of Data Breach originally sent to all myCare Integrity Clients on March 1, 2022.
  • Please continue to direct any questions or requests to: eclmatterinfo@eyecareleaders.com

We are deeply committed to our patients, and we join you in your concern and frustration. You may wish to take action to protect yourself from potential harm by contacting Equifax, Experian, and Transunion, the three major credit reporting agencies. Also, you can contact Eye Care Leaders at: eclmatterinfo@eyecareleaders.com or Affiliated Eye Surgeons at (248) 547-6656 if you have additional questions or concerns. We will keep our website updated with any additional details that we learn and discover throughout this investigation.

We want to personally apologize to each of you for what has happened and want to reassure you that we take this matter seriously and we will continue to do everything in our power to make our system and security processes better.

Sincerely,

Dr. Sidney K. Simonian & Dr. Lindsay R. Rubin