Milan Eye Center, an Atlanta, GA-based network of eye surgery centers, has started notifying 67,336 patients that some of their protected health information was compromised in an incident at its third-party vendor, iMedicWare Inc. Milan Eye Center said it was informed about a data compromise incident in December, and launched an investigation which concluded on July 24, 2023, that an unauthorized individual was able to access at least some historical patient archives maintained by iMedicWare between May 18, 2020, and July 23, 2020.
The records included information such as names, birth dates, telephone numbers, insurance coverage information, Social Security numbers, service locations, dates of service, and health statuses. It was not possible to determine exactly which patient records were accessed, so notification letters were sent to all individuals who received services on or before July 23, 2020. Complimentary credit monitoring services have been offered to the affected individuals.
Milan Eye Center confirmed it no longer uses iMedicWare as its electronic health record vendor and said additional technical safeguards and policies have been implemented to enhance information system security.