Notice of Data Security Incident
Bloomington, IL – December 13, 2024 – VisionPoint Eye Center, PLLC (“VisionPoint”) is notifying certain current and former patients that their personal information may have been compromised as part of security incident. VisionPoint takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened VisionPoint experienced a network security incident that involved an unauthorized party gaining access to our network environment on October 3, 2024. Upon detecting the incident, we immediately took steps to secure the network environment and engaged a specialized third-party forensic incident response firm to assist with securing the network environment and investigating the extent of unauthorized activity. The forensic investigation determined that the unauthorized third party may have acquired certain data as a result of this incident. We then undertook a comprehensive review of the data potentially impacted in this incident to determine whether personal information may have been involved. After conducting a comprehensive review of the data potentially impacted in this incident, which was completed on October 29, 2024, we determined that the unauthorized third party may have acquired certain personal information as a result of this incident. VisionPoint is providing written notice to all impacted individuals. VisionPoint has no reason to believe that any individual’s information has been misused as a result of this event. As of this writing, VisionPoint has not received any reports of misuse of information and/or related identity theft since the date the incident was discovered.
What Information Was Involved Again, we found no evidence that patient information has been specifically misused. However, the following information was potentially exposed to an unauthorized third party: first name, last name, medical record number, health insurance information, and medical information. Notably, the types of information affected were different for each individual, and not every individual had all the above listed elements exposed. Please rest assured that financial information and Social Security Numbers were not exposed in this incident. Likewise, VisionPoint’s electronic medical record system with full patient history was not impacted in the incident.
What We Are Doing Data security is one of our highest priorities. Upon detecting this incident we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We have also reviewed and enhanced our technical safeguards to prevent a similar incident.
The notification letter to the potentially impacted individuals includes steps that they can take to protect their information. In order to address any concerns and mitigate any exposure or risk of harm following this incident, VisionPoint has arranged for complimentary credit monitoring services and identity theft protection services to all potentially impacted individuals at no cost to them for a period of twelve months. VisionPoint recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.
For More Information For individuals seeking more information or questions about this incident, please call 1-833-833-1335, Monday through Friday, 8:00 a.m. and 5:00 p.m. ET, excluding holidays.
Thank you for entrusting VisionPoint with your healthcare needs. We value the security of the personal data that we maintain, and understand the frustration, concern, and inconvenience that this incident may have caused. We look forward to continuing to provide high quality care to you, your family, and the VisionPoint community.
