On May 16, 2021, Dr. Douglas C. Morrow, OD (“Dr. Morrow”) experienced a data security incident that prevented users from accessing systems and data. Upon discovering this incident, Dr. Morrow immediately launched an investigation and engaged a digital forensics firm to help determine what happened and what information may have been accessed. On October 29, 2021, the investigation determined that the attacker gained access to Dr. Morrow’s data and may have acquired protected health information. On December 8, 2021, Dr. Morrow identified individuals whose protected personal information may have been compromised. The types of information potentially accessed varied by individual, but may have included name, address, Social Security number, driver’s license, medical information, and health insurance information. The specific types of medical information and/or health insurance information that may have been accessed include Member/Medicaid ID numbers, treatment/diagnosis information, dates of service, provider name(s), patient account number(s), and medical record number(s).
