Oregon Eye Care Provider and New York Children’s Center Announce Hacking Incidents

Posted by Steve Alder

Cyberattacks have recently been announced by River City Eye in Oregon and Elmcrest Children’s Center in New York.

River City Eye Care

River City Eye Care, an eye care provider with locations in Portland and Happy Valley, Oregon, has started notifying patients about a recent security incident involving the theft of files containing patient information. Unusual network activity was detected on or around September 8, 2025, and an investigation was launched to determine the nature and scope of the activity.

The investigation confirmed unauthorized access to its network and the exfiltration of files. The affected files were reviewed, and River City Eye Care completed the review on October 1, 2025. The types of information involved vary from individual to individual and may include names in combination with one or more of the following: address, email address, phone number, and date of birth.  Driver’s license numbers and Social Security numbers were involved for a limited number of individuals. Notification letters started to be mailed on October 16, 2025, and steps are being taken to reduce the risk of similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

The Genesis threat group claimed responsibility for the attack and has added River City Eye to its data leak site. The group claims it operates a data extraction operation (no file encryption) and says it exfiltrated 200 GB of data from company management hosts and file servers, which has been made available for download. The HIPAA Journal has not downloaded any data, so cannot verify the legitimacy of the group’s claim.

Elmcrest Children’s Center

Elmcrest Children’s Center, a Syracuse, NY-based provider of support services to children with emotional, behavioral, and developmental limitations and their families, has recently disclosed a security incident involving unauthorized access to its network. The investigation into the incident is ongoing, but it has been confirmed that its network was subject to unauthorized access between March 10, 2025, and July 24, 2025, during which time files were accessed and acquired by the threat actor.

The files are still being reviewed, but based on the initial findings, the types of information involved include names, dates of birth, and medical information. Technical and administrative policies and procedures are being reviewed and will be updated to reduce the risk of similar incidents in the future. Elmcrest Children’s Center has yet to disclose how many individuals have been affected; however, the data breach does appear to be significant. The Interlock ransomware group has claimed responsibility for the attack and says almost 450 GB of data was copied.

The post Oregon Eye Care Provider and New York Children’s Center Announce Hacking Incidents appeared first on The HIPAA Journal.

Massachusetts Hospitals Experiencing Disruption Due to Cyberattack

Posted by Steve Alder

A cyberattack has caused a network outage that has disrupted operations at two hospitals in North Central Massachusetts – the 134-bed non-profit Heywood Hospital in Gardner, and Athol Hospital, a 25-bed critical access hospital in Athol, both owned and operated by Heywood Healthcare.

The attack was detected last week, and systems were immediately taken offline to protect the network and patients. Incident response protocols were activated, a Code Black was declared, and the emergency department was closed to all patients arriving by ambulance. Ambulances were diverted to other facilities due to the inability to access certain systems. Radiology and laboratory services have also been disrupted.

The attack affected its Internet connection, email system, and phone lines, and while communications are back up and running, some issues are still being experienced. On Thursday, October 16, 2025, the hospital confirmed that the network outage was caused by a cybersecurity incident and that a third-party cybersecurity firm has been engaged to assist with the investigation and recovery. The Athena portal is online, and patients are encouraged to use the portal to communicate with the hospital and providers, and its answering service is operational if the portal cannot be accessed.

Heywood Hospital said its main priority is ensuring that care continues to be provided to patients, and has confirmed that both hospitals and Heywood Medical Group have remained open throughout and are continuing to provide care to patients. Heywood Healthcare is working with the cybersecurity experts to restore systems as quickly as possible, but no timeline has been provided for when full functionality will be restored. The exact nature of the attack, such as whether ransomware was involved, has not been disclosed. No ransomware group appears to have claimed responsibility for the attack. At such an early stage of the investigation, it is unclear to what extent, if any, patient data has been exposed or if sensitive data was stolen in the attack. Heyward Healthcare said it will provide further updates as more is learned about the incident.

Patient care is often disrupted by cyberattacks, the extent of which was recently explored in a survey conducted by the Ponemon Institute on behalf of cybersecurity firm Proofpoint. The survey found that 93% of healthcare organizations in the study had experienced a cybersecurity incident in the past 12 months, and 72% had experienced a cybersecurity incident that disrupted patient care. Healthcare providers reported negative impacts such as cancelled appointments, delayed intake, longer patient stays, poorer outcomes, increased complications from medical procedures, and an increase in mortality rate following a cyberattack.

The post Massachusetts Hospitals Experiencing Disruption Due to Cyberattack appeared first on The HIPAA Journal.