Orem Eye Clinic Data Breach Impacts 5,800 Patients

Orem Eye Clinic, an independent optometry practice based in Orem, Utah, experienced a data breach that affected approximately 5,800 individuals in the United States.

On Jan. 26, 2026, a ransomware group called NightSpire claimed on the dark web that it had obtained 1 terabyte of data from the clinic.

The specific dates of when the attack took place and when the clinic first discovered the intrusion have not been detailed in publicly available records.

The incident involved protected health information, commonly referred to as PHI. At this time, the exact types of personal or health information that may have been compromised in this breach have not been specified in available disclosures but may include names, addresses, dates of birth, Social Security numbers, medical record, diagnoses, treatment histories, prescription details, health insurance information and billing records.

The breach was disclosed to the U.S. Department of Health and Human Services on March 19, 2026.

Orem Eye Clinic's response to the breach

Patients of Orem Eye Clinic who are concerned about their information are encouraged to contact the practice directly at 801-224-4799. The clinic's staff may be able to provide additional details about the incident and any resources available to individuals who may have been affected.

Steps to take if your information was exposed

• Watch for a notification letter from Orem Eye Clinic. If the clinic sends a letter, it should contain details about what specific information was involved and what resources are available to affected individuals.
• Monitor health insurance statements and Explanation of Benefits documents. Look for any unfamiliar services, prescriptions or claims, which could be a sign of medical identity theft.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any accounts or activity that seems unfamiliar.
• Consider placing a fraud alert or credit freeze with the three major credit bureaus: Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289).
• Be cautious of phishing attempts that reference Orem Eye Clinic or this data breach by name, as scammers sometimes exploit breach notifications to trick people into sharing more personal information.
• Keep records of any suspicious activity related to health insurance, financial accounts or personal information and report concerns to the Federal Trade Commission at IdentityTheft.gov.