Claris Vision Suspects PII Exposed in Data Breach

• Claris Vision Holdings filed a notice of data breach, saying patients' data may have been exposed. 
• Unidentified hackers remained active on their systems between July 10, 2024, and August 5, 2024.
• Investigators did not find any evidence to confirm identity fraud or financial scams arising from the incident.

Claris Vision Holdings, LLC, a vision care services provider, has filed a notice of data breach with the Attorney General of Massachusetts. Social Security Numbers, medical data, and financial information are speculated to have been accessed by the hackers. 

The official disclosure of the data breach read that personal information from Claris Vision’s systems may have been stolen by presently unknown cybercriminals. They had access to the company’s systems for about a month, from July 10, 2024, to August 5, 2024. 

The stored Personally Identifiable Information (PII) of patients may have been exposed during that time. Based on a claim depot report, the forensic investigation did not assert financial or identity fraud at the time of making the public disclosure on February 14, 2025.

Users are urged to place a fraud alert or security freeze on their credit files in case they notice suspicious transactions or activities, at no charge. 

Claris Vision is served by nearly 200 employees and has an annual revenue of about $50 million. Since Claris Vision works with affiliate partners including Eye Health Associates Inc., Eye Health Associates of RI Inc., Koch Eye Associates LLP, and others, it is advised that customers of all the affiliates remain vigilant and monitor their credit reports regularly.

Based on threat intelligence, no cybercriminal group has claimed the Claris Vision data breach so far. This could suggest that hackers tried to extort the company and leaked the data which was later removed by investigators. 

In the recent past, Bayhealth Medical Center, Pulmonary Physicians of South Florida, and IVF clinic Genea have been in the news for cybersecurity incidents.

Several healthcare providers are targeted by ransomware groups because of the vast amount of sensitive data that can be exploited and the revenue made using it. 

Healthcare professionals are focused on medical procedures and may not be trained adequately in maintaining cybersecurity. However, its relevance and importance could not be overlooked.