Center for Advanced Eye Data Breach Affects PHI

The Center for Advanced Eye Care, a medical practice specializing in surgical and medical vision care, recently experienced a data breach involving its legacy systems.

On Dec. 16, 2025, the practice discovered that an unauthorized actor had potentially compromised its legacy environment. Action was taken to secure the affected systems, and a specialized third-party cybersecurity firm was engaged to conduct a thorough investigation.

The investigation determined that certain protected health information (PHI) within the legacy systems was accessed without authorization.

The breach was first brought to public attention when a threat actor known as “Frenshyny” claimed to be selling data allegedly stolen from the Center for Advanced Eye Care on Dec. 14, 2025, via the openweb network. The actor advertised that the stolen data contained personally identifiable information (PII) such as ID, number, name, sex, date of birth, and location, among other details, although none of these data types have been confirmed yet.

So far, it has been confirmed that the exposed data types include Social Security numbers and medical records.

The exact number of individuals affected is 9,300, including six residents of Massachusetts and three of Indiana.

The data breach was disclosed to the Indiana Attorney General, the Massachusetts Office of Consumer Affairs and Business Regulation and the Vermont Attorney General, and to the U.S. Department of Health and Human Services.

The Center for Advanced Eye Care's response

In response to the breach, the Center for Advanced Eye Care is offering affected individuals access to Single Bureau Credit Monitoring, Credit Report, and Credit Score services at no charge. These services, provided through Cyberscout, a TransUnion company, offer alerts for several months following enrollment and proactive fraud assistance.

Individuals who receive a notification letter have ninety days from the date of the letter to enroll in the complimentary credit monitoring and identity theft protection services. Enrollment requires an internet connection and an email account.

The practice also encourages affected individuals to remain vigilant by monitoring their credit reports and financial accounts for suspicious activity. Guidance on placing a credit freeze or fraud alert with the three national credit reporting agencies is provided, along with contact information for the Federal Trade Commission and state attorney general offices.