HQ/EMEAFind out how we can help your business
A data breach at North Carolina-based eye care provider Asheville Eye Associates (AEA) has compromised the personal information of over 147,000 individuals, the company has confirmed. The incident, which took place in November 2024, involved a threat actor gaining unauthorised access to AEA’s systems and stealing sensitive patient data.
According to AEA, the breach was discovered on November 18, 2024. Upon detection, the organisation immediately brought in third-party cybersecurity experts to secure its network and investigate the scope of the incident. The investigation concluded on April 14, 2025, confirming that attackers had exfiltrated a range of personal information, including names, addresses, Social Security numbers, treatment details, and health insurance information.
In its notification to the Maine Attorney General’s Office, AEA said that 147,116 individuals are being formally notified and offered 12 months of free identity theft protection services. While the company has not disclosed the specific type of cyberattack, the DragonForce ransomware group has claimed responsibility. In December 2024, DragonForce added AEA to its leak site on the dark web, alleging that nearly 540 gigabytes of data had been stolen and subsequently made publicly available.
Interestingly, AEA had initially reported the incident to the US Department of Health and Human Services (HHS) on January 31, 2025, stating that 193,306 individuals were affected. This number was later updated to 204,984 before being revised to the current figure after further analysis revealed more impacted individuals.
So far, AEA maintains that it has not received any reports of identity theft as a result of the data breach.
However, the company’s silence on DragonForce’s claims and the reported data leak has sparked concern among cybersecurity experts and the public.
The eye care centre continues to face scrutiny over the exact scope of the incident and its response measures. Security researchers have reached out to AEA for clarification on the number of affected individuals and the validity of the ransomware gang’s claims but have yet to receive a response.
This incident shows the growing risk of data breaches in the healthcare sector, where cybercriminal groups frequently target vast amounts of sensitive information. As the investigation progresses, affected individuals are encouraged to stay alert and make use of the identity protection services provided.
