Independence Eye Associates Data Breach: PII and PHI Stolen

On or around early August 2025, Independence Eye Associates, a medical practice specializing in optometry and ophthalmology, experienced a data breach. The incident was a ransomware attack by the Abyss ransomware group, who announced on a dark web site hosted on the Tor network that they had infiltrated the eye care practice's systems.

According to the cybercriminals, they exfiltrated a total of 313 GB of uncompressed data from Independence Eye Associates. It is believed that the stolen information includes both personally identifiable information (PII) and protected health information (PHI).

Exposed information may include names, contact information, dates of birth, Social Security numbers, driver's license or state ID numbers, health insurance information, medical records, financial information, including payment card numbers. While the exact number of individuals affected has not been disclosed, the size of the data set suggests that the breach could impact a large number of patients and staff.

The severity of this breach is heightened by the fact that ransomware groups like Abyss often publish or sell stolen data if their ransom demands are not met.

Independence Eye Associates' response

Independence Eye Associates will work to identify and notify affected individuals with the data breach details. The organization will also be required to make certain state and federal data breach disclosures.

If you believe your personal and protected health information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Independence Eye Associates.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more details about the eyecare practice, visit the Independence Eye Associates official website.