Home
>
Data Breach>Black Hills Regional Eye Institute

Black Hills Eye Institute Data Breach: 200 GB Stolen

Published
August 29, 2025
Updated
August 29, 2025
Black Hills Eye Institute Data Breach: 200 GB Stolen
Black Hills Regional Eye Institute
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Black Hills Regional Eye Institute

data breach?

Join the Lawsuit

It's free to join. 

On Jan. 8, 2025, Black Hills Regional Eye Institute detected suspicious activity within its network. An investigation was launched and on Feb. 7, 2025, it was determined that patient information was accessed and acquired by a cybercriminal as early as January 4, 2025.

The data breach exposed both personally identifiable information (PII) and protected health information (PHI). Compromised information includes names, dates of birth, Social Security numbers, dates of service, driver's license numbers, insurance information, diagnostic treatment, medical record numbers, medical histories, medication treatment locations, medications, provider names, surgical information and credit card information.

The Qilin ransomware group, which claimed responsibility on the dark web and alleged it had obtained 200 GB of the institute’s data. The Qilin ransomware group is known for targeting healthcare providers and leaking sensitive data on the Tor network if ransom demands are not met.

Black Hills Regional Eye Institute published a Notice of Data Security Incident on its website on Aug. 29, 2025 and is notifying affected individuals by mail beginning on Aug. 29, 2025. The total number of impacted current and former patients has not been released.

The data breach was disclosed to the Maine Attorney General’s office on Aug. 28, 2025.

Black Hills Regional Eye Institute’s response

In addition to required state and federal disclosures, the eye care organization is offering individuals whose Social Security numbers were compromised free Experian IdentityWorks credit monitoring services.

If you receive a data breach from Black Hills Regional Eye Institute, you may want to:

  • Sign up for the free credit monitoring services, if offered.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

For more about the medical practice, visit the Black Hills Regional Eye Institute website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Black Hills Regional Eye Institute
Consumers Notification date
August 28, 2025
Date of Breach
Breach Discovered Date
July 30, 2025
Total People Affected
Information Types Exposed
  • First and last names
  • Social Security Number
  • Date of Birth
  • Date of Service
  • Diagnostic Treatment Information
  • Driver’s License Number
  • Insurance Information
  • Medical Record Number
  • Medical History
  • Medical Treatment Location

Data Breach Settlements

Shields Health $15.35M Data Breach Class Action Settlement
Nuance Communications $8.5M MOVEit Data Breach Settlement
Integris Health $30M Data Breach Class Action Settlement
Ott Cone & Redpath $600K Data Breach Class Action Settlement
Dobson Technologies $450,000 Data Breach Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

Crenshaw Community Hospital Data Breach Exposes Protected Health Information
October 13, 2025
Crenshaw Community Hospital Data Breach Exposes Protected Health Information
Lincoln University Data Breach Exposes Students' Social Security Numbers
October 13, 2025
Lincoln University Data Breach Exposes Students' Social Security Numbers
Alert Medical Alarms Inc Breach Exposes Sensitive Data
October 13, 2025
Alert Medical Alarms Inc Breach Exposes Sensitive Data
Pulse Urgent Care Discloses Data Breach Exposing Patients' Protected Health Info
October 13, 2025
Pulse Urgent Care Discloses Data Breach Exposing Patients' Protected Health Info