Laurel Eye Clinic Data Breach Impacts 43k Patients: PHI and PII Compromised

Laurel Eye Clinic, a multi-location ophthalmology and optometry practice based in Brookville, Pennsylvania, disclosed a data breach affecting approximately 42,295 people in the United States.

On Jan. 26, 2025, Laurel Eye Clinic experienced a network disruption that impacted the functionality and access of its computer systems. Upon discovering the suspicious activity, the clinic disconnected all access to its network and engaged a specialized third-party cybersecurity firm to help secure the environment and conduct a forensic investigation into the nature and scope of the incident.

Laurel Eye Clinic posted a notice of the data incident on its website in March 2025, soon after the discovery of the breach.

By March 6, 2025, the investigation found evidence that certain files belonging to the clinic had been obtained by an unauthorized user. A comprehensive review of the affected data was completed on Oct. 30, 2025.

After completing the review, the company spent additional months verifying the identities of affected individuals and obtaining their contact information. On April 15, 2026, Laurel Eye Clinic finalized its list of individuals to notify and began sending out notices on April 22, 2026.

According to their respective state's filing, 22 Maine residents, 4 New Hampshire residents and 37 Massachusetts residents were reported to have been affected.

The types of personally identifiable information that may have been exposed include names, dates of birth, driver's licenses, Social Security numbers, financial account numbers and routing numbers.

Protected health information may also have been compromised, including clinical information, medical treatment and procedure information, health insurance account numbers, patient ID numbers, provider names and provider locations. The specific types of information affected vary for each individual, according to the company's notification letters.

Laurel Eye Clinic's response to the breach

Laurel Eye Clinic is offering 12 months of complimentary single-bureau credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company. These services provide alerts when changes occur to an individual's credit file. The company is also offering proactive fraud assistance and identity theft restoration services.

Affected individuals will receive a notification letter by U.S. First Class Mail containing a unique enrollment code and instructions for signing up. Enrollment must be completed within 90 days of the date of the letter.

For questions about the breach or help enrolling in the complimentary credit monitoring, affected individuals can call 1-833-289-9962 (toll free) Monday through Friday from 8 a.m. to 8 p.m. Eastern time, excluding U.S. national holidays.

Individuals can also reach Laurel Eye Clinic directly by phone at 814-949-8808 or by mail at 50 Waterford Pike, Brookville, Pennsylvania 15825.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert on your credit file by contacting Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-916-8800), which is especially important given that Social Security numbers and financial account information were among the data exposed.
• Review financial account statements and bank records carefully for any unauthorized transactions, since financial account numbers and routing numbers may have been compromised.
• Request free credit reports at AnnualCreditReport.com and check them for any unfamiliar accounts or inquiries.
• Monitor Explanation of Benefits statements from your health insurer for medical services or procedures you did not receive, as health insurance and clinical information may have been exposed.
• Be cautious of phishing attempts that reference Laurel Eye Clinic or this breach by name, as scammers may use stolen personal details to craft convincing emails, phone calls or text messages.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and consider filing a report with local law enforcement.