Associated Ophthalmologists of Kansas City, P.C. Announces Data Breach Caused by Cybersecurity Incident at a Third-Party Vendor

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, Associated Ophthalmologists of Kansas City, P.C. (“AOKC”) reported a data breach after the company was informed by a third-party vendor that AOKC patient data was compromised following a period of unauthorized access to the vendor’s computer network. Evidently, the AOKC breach resulted in the names, addresses, dates of birth, Social Security numbers, diagnostic information, and health insurance information belonging to 13,461 patients being compromised. On May 31, 2022, AOKC filed an official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Associated Ophthalmologists of Kansas City data breach, please see our recent piece on the topic here.

What We Know About the Associated Ophthalmologists of Kansas City Data Breach

The data breach at Associated Ophthalmologists of Kansas City didn’t actually involve the company’s computer systems. Instead, the breach stemmed from a breach of a third-party vendor who handled billing and medical record management for AOKC. The third-party vendor was Eye Care Leaders (“ECL”).

Evidently, on or around December 4, 2021, an unauthorized party accessed Eye Care Leaders’ platform called myCare Integrity. Shortly after Eye Care Leaders learned of this access, the company began an investigation, confirming that the unauthorized party accessed data and deleted databases and system configuration files. Eye Care Leaders was unable to assure Associated Ophthalmologists of Kansas City that no patient data was compromised during the breach.

While the leaked information varies depending on the individual, it may include your name, address, date of birth, social security number, diagnostic information, and health insurance information.

On May 31, 2022, Associated Ophthalmologists of Kansas City sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Associated Ophthalmologists of Kansas City, P.C.

Associated Ophthalmologists of Kansas City, P.C. is a healthcare provider based in Kansas City, Missouri. As an ophthalmology practice, AOKC specializes in ophthalmic plastic and reconstructive surgery, glaucoma and cataracts. The practice also offers comprehensive eye exams and contact lens fittings. AOKC has three locations in Kansas City, MO; Sedalia, MO; and Warrensburg, MO. Associated Ophthalmologists of Kansas City employs fewer than 25 people and generates approximately less than $5 million in annual revenue.

How Do Companies End Up With Your Information?

For many patients of AOKC, it may come as a surprise that their information was leaked as a result of a breach occurring at a third-party vendor. However, this is relatively common; businesses that contract services from other vendors often need to provide consumer information to the vendor. Of course, this exposes a consumer’s information to unauthorized access through the vendor company’s servers, which is exactly what happened in the AOKC breach.

Following a data breach, especially one involving multiple companies, victims frequently wonder which companies can be held financially liable. Under state and federal data breach laws, any organization in possession of consumer data has a duty to protect the information. This includes both those organizations that receive information from a customer as well as third-party vendors that receive the data through a contracting company.

In either case, the question of liability comes down to negligence. In other words, companies can only be held liable for a data breach if the company’s negligence contributed to the breach. For example, a business that decided to save money by not maintaining a robust data security system in an environment where data breaches are common may be negligent.

Those with questions about liability in the wake of a data breach should reach out to an experienced data breach lawyer for immediate assistance.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide