On October 23, 2023, the Dakota Eye Institute (“DEI”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that patients’ personal information was compromised following a cyberattack. In this notice, DEI explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, DEI began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from the Dakota Eye Institute, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Dakota Eye Institute data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Dakota Eye Institute?

The Dakota Eye Institute data breach was only recently announced, and more information is expected in the near future. However, DEI’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. The company has also posted a website notice entitled, “Dakota Eye Institute Notifies Individuals of Data Incident.”

According to these sources, DEI recently learned that it had been the target of a cyberattack. In response, DEI contained the incident, notified law enforcement, and then began working with third-party data security experts to investigate what, if any, patient data was compromised as a result.

The Dakota Eye Institute investigation confirmed that certain personal information belonging to patients was affected by the cyberattack.

After learning that sensitive consumer data was accessible to an unauthorized party, the Dakota Eye Institute reviewed the compromised files to determine what information was leaked and which consumers were impacted. Unfortunately, neither DEI’s website notice nor the HHS-OCR notice provides a list of compromised data types. However, companies only need to file notice of a breach with the HHS-OCR if the incident affected the Protected Health Information of more than 500 people.

On October 23, 2023, Dakota Eye Institute sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Dakota Eye Institute

Established in 1989, the Dakota Eye Institute is a multi-specialty group of Board Certified Ophthalmologists and Optometrists based in Bismarck, North Dakota. DEI operates four locations in Rugby, Linton and Bismarck. Additionally, DEI providers travel to surrounding cities to provide services, including to patients in Dickinson, Beulah, Hazen, Jamestown, and Mandan. Dakota Eye Institute employs more than 35 people and generates approximately $19 million in annual revenue.