Recently, Associated Ophthalmologists of Kansas City, PC (“AOKC”) reported a data breach after a third-party vendor informed the company that AOKC patient data was compromised following a period of unauthorized network access provider information technology. Evidently, the AOKC violation resulted in the names, addresses, dates of birth, social security numbers, diagnostic information, and health insurance information pertaining to 13,461 compromised patients. On May 31, 2022, AOKC filed an official notice of the breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Associated Ophthalmologists of Kansas City data breach, check out our recent article on the topic. here.
What we know about the Associated Ophthalmologists of Kansas City data breach
The data breach at Associated Ophthalmologists of Kansas City did not actually involve the company’s computer systems. Instead, the violation stemmed from a violation by a third-party vendor that handled billing and medical record management for AOKC. The outside provider was Eye Care Leaders (“ECL”).
Evidently, around December 4, 2021, an unauthorized person accessed the Eye Care Leaders platform called myCare Integrity. Shortly after Eye Care Leaders became aware of this access, the company launched an investigation and confirmed that the unauthorized party accessed the data and deleted the databases and system configuration files. Eye Care Leaders could not assure Associated Ophthalmologists of Kansas City that patient data was not compromised during the breach.
Although the leaked information varies by person, it can include your name, address, date of birth, social security number, diagnostic information, and health insurance information.
On May 31, 2022, Associated Ophthalmologists of Kansas City sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
Learn more about Associated Ophthalmologists in Kansas City, PC
Associated Ophthalmologists of Kansas City, PC is a healthcare provider based in Kansas City, Missouri. As an ophthalmology practice, AOKC specializes in ophthalmic plastic and reconstructive surgery, glaucoma and cataracts. The practice also offers comprehensive eye exams and contact lens fittings. AOKC has three locations in Kansas City, MO; Sedalia, MO; and Warrensburg, MO. Associated Ophthalmologists of Kansas City employs less than 25 people and generates approximately less than $5 million in annual revenue.
How do companies end up with your information?
For many AOKC patients, it may come as a surprise that their information was leaked as a result of a breach that occurred at a third-party provider. However, this is relatively common; companies that contract services from other providers often need to provide consumer information to the provider. Of course, this exposes a consumer’s information to unauthorized access through the provider’s servers, which is exactly what happened in the AOKC breach.
After a data breach, especially one involving multiple companies, victims often wonder which companies can be held financially responsible. Under state and federal data breach laws, any organization in possession of consumer data has a duty to protect the information. This includes both those organizations that receive information from a client and external providers that receive the data through a contracting company.
In either case, the issue of liability boils down to negligence. In other words, companies can only be held liable for a data breach if the company’s negligence contributed to the breach. For example, a company that decided to save money by not maintaining a strong data security system in an environment where data breaches are common may be negligent.
Those with questions about liability in the wake of a data breach should contact an experienced data breach attorney for immediate assistance.