On March 14, 2025, Columbia Eye Clinic (“Columbia Eye”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed the company’s IT network. In this notice, Columbia Eye explains that the incident resulted in an unauthorized party being able to access patients’ sensitive information, which includes their names, contact information, dates of birth, procedure codes and other information needed to obtain pre-approval for eye-related procedures. Upon completing its investigation, Columbia Eye began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Columbia Eye Clinic, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Columbia Eye Clinic data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Columbia Eye Clinic?
The Columbia Eye Clinic data breach was only recently announced, and more information is expected in the near future. However, Columbia Eye’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Columbia Eye also posted a notice on its website discussing the incident in greater detail.
According to these sources, on January 13, 2025, Columbia Eye experienced a network disruption that was quickly determined to be related to a cybersecurity incident. In response, Columbia Eye engaged the help of outside cybersecurity experts to investigate what happened and what information may have been compromised.
Through this investigation, Columbia Eye confirmed that, between January 9, 2025 and January 13, 2025, an unauthorized actor was able to access certain files on the company’s IT network—including files containing confidential patient information.
After learning that sensitive patient data was accessible to an unauthorized party, Columbia Eye Clinic reviewed the compromised files to determine what information was leaked and which patients were impacted. While the breached information varies depending on the individual, it may include your name, contact information, date of birth, procedure codes and other information needed to obtain pre-approval for eye-related procedures.
On March 14, 2025, Columbia Eye Clinic sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Columbia Eye Clinic
Columbia Eye Clinic is a comprehensive ophthalmology practice providing medical and surgical eye care services to patients of all ages. Headquartered in Columbia, South Carolina, the clinic offers a wide range of services, including cataract surgery, glaucoma treatment, diabetic eye care, and routine eye exams. With a team of experienced ophthalmologists and optometrists, Columbia Eye Clinic is committed to delivering advanced eye care using the latest diagnostic and surgical technology. The organization employs approximately 114 people and generates an estimated $5 million in annual revenue.
