The breach involving vendor Eye Care Leaders (ECL) and its electronic medical record (EMR) software continues to rack up victims, with one customer—Texas Tech University Health Sciences Center—reporting that the breach compromised the protected health information (PHI) of 1.3 million patients.
Meanwhile, two additional health care organizations, Shields Health Care Group Inc. and Baptist Medical Center, in June reported unrelated breaches with more than 1 million individuals affected.
In total, these incidents’ sizes eclipse most breaches that have been reported to the Office for Civil Rights (OCR) so far in 2022.
Texas Tech told OCR on June 7 that it had experienced a breach compromising PHI for 1.3 million patients as a result of a security incident at its ophthalmology EMR vendor, ECL. “The service provider reports that the security incident affecting ECL’s databases and files took place on Dec. 4, 2021,” the health sciences center said in a news release.[1] “ECL reported that it detected the incident in less than 24 hours, disabled the compromised system, and initiated an investigation.”