Valley Eye Associates Data Breach Exposes Protected Health Information

Valley Eye Associates, the ophthalmology and optometry practice based in Appleton, Wis., was the victim of a ransomware attack that compromised sensitive patient and employee information. The incident occurred between Oct. 8 and Oct. 9, 2025, and was carried out by the Qilin ransomware group, who later posted sample data and screenshots on their Tor-based dark web portal on Oct. 25, 2025.

The attackers gained unauthorized access to certain devices and documents within Valley Eye Associates’s network. While the exact number of affected individuals has not yet been confirmed, dark web evidence indicates that the breach exposed a broad range of sensitive data.

Information in screenshots posted on the dark web includes personally identifiable information (PII) such as names, addresses and driver’s license numbers, as well as protected health information (PHI) including medical records. The screenshots released by Qilin suggest that both patient and employee data may have been compromised.

The severity of this breach is heightened by the fact that both PII and PHI were accessed and published on the dark web. Ransomware groups like Qilin are known for exfiltrating data and threatening public exposure unless their demands are met. In this case, Qilin’s public posting of Valley Eye Associates’s data demonstrates a significant risk of identity theft, fraud and misuse of medical information for those affected.

Valley Eye Associates’s response

According to the official data incident page, upon discovering the ransomware attack, Valley Eye Associates took immediate action to terminate unauthorized access to their systems. They launched an internal investigation, notified law enforcement and engaged a national cybersecurity firm to help assess the scope and impact of the incident.

The company is currently reviewing the compromised documents to identify all affected individuals. In compliance with state laws and HIPAA, Valley Eye Associates is preparing individualized notification letters. These letters will include details about the specific information impacted and will provide a dedicated toll-free number for questions and support. The notice and updates are being made available on their

Valley Eye Associates has also implemented additional security protections within their email environment and encourages vigilance among those who may be affected. They recommend monitoring financial and medical accounts for suspicious activity, regularly updating passwords and enabling multi-factor authentication where possible.