Alabama Ophthalmology Associates Data Breach Affects 131,576 Americans

Between January 22 and January 30, 2025, Alabama Ophthalmology Associates (AOAPC), a Birmingham-based medical practice, experienced a significant data breach that affected 131,576 individuals in the United States. The incident was caused by a ransomware attack attributed to the BianLian group, who claimed responsibility on a dark web site.

This group reportedly accessed and acquired a wide range of sensitive information, including financial records, HR files, patient personally identifiable information (PII), protected health information (PHI), biometric data, partner and vendor data, as well as internal and external email correspondence and databases.

The breach was discovered on January 30, 2025, when AOAPC detected unusual activity within its network. Immediate action was taken to secure systems, and a digital forensics firm was engaged to investigate. The investigation confirmed that unauthorized access and data acquisition occurred during the eight-day window.

The types of information exposed include names, dates of birth, Social Security numbers, government-issued IDs, health insurance details, medical record numbers, diagnosis and treatment information, and other health-related data. In many cases, this included both PII and PHI, increasing the risk of identity theft and medical fraud.

The severity of the breach is heightened by the nature of the data accessed and the involvement of a ransomware group known for posting stolen information on the dark web. The BianLian group’s claims suggest that not only patient data but also sensitive business and operational records may have been compromised.

The breach was reported to the Vermont Attorney General’s office on April 11, 2025, and to the U.S. Department of Health and Human Services on April 8, 2025. AOAPC began notifying affected individuals on April 7, 2025, and has also posted a detailed notice on its website.

Alabama Ophthalmology Associates’s response

After discovering the breach, Alabama Ophthalmology Associates conducted a thorough review of the compromised data to identify affected individuals and the specific types of information involved.

Notification letters were sent to those with identifiable addresses, and a toll-free call center (1-877-280-2754) was established to assist concerned patients and answer questions regarding the incident.

Given the sensitive nature of the exposed data—including Social Security numbers, medical histories, and insurance information—AOAPC is urging affected individuals to take several precautionary steps:

• Monitor financial accounts and credit reports for suspicious activity or unauthorized transactions.
• Consider placing a fraud alert or security freeze on credit files with the major credit bureaus.
• Report any suspected incidents of identity theft to law enforcement and follow guidance from the Federal Trade Commission at www.ftc.gov/idtheft.
• Review the detailed instructions and resources provided in the notification letter, including how to request free credit reports and place fraud alerts or freezes.

Due to the ransomware nature of the attack and the possibility that stolen information could be misused or sold, it is especially important for affected individuals to remain vigilant and take proactive steps to protect their identities. For further details, refer to the official notice to consumers and the resources provided by AOAPC.

For additional details about the breach and ongoing updates, you can also consult the U.S. Department of Health and Human Services breach portal and the Vermont Attorney General’s data breach notice.