Koch Eye Associates Data Breach: Patient Data Stolen

In late July 2025, Koch Eye Associates, an eye care provider based in Rhode Island, experienced a data breach. The incident was a ransomware attack carried out by a group of cybercriminals known as Abyss. According to statements posted by the Abyss group on their dark web Tor network site, they claim to have exfiltrated 313 GB of uncompressed data from Koch Eye Associates’ systems.

The data breach is believe to have compromised patient personal and protected health data. The total number of affected individuals has not been released, but could be in the thousands. The Abyss ransomware group has a history of targeting healthcare organizations.

Information exposed may include patient names, contact information, dates of birth, Social Security numbers, driver's license or state ID numbers, health insurance information, medical records, treatment information and possibly financial information. The severity of the breach is increased by the fact that the stolen data reportedly includes both sensitive medical and personal details, which could be used for identity theft or fraud.

Koch Eye Associates’ response

Koch Eye Associates will be required to make mandated state and federal disclosures and notify impacted individuals.

If you believe your personal and protected health information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Koch Eye Associates.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

More information about the healthcare organization can be found on the Koch Eye Associates official website.