Tri Century Eye Care PC Data Breach Affects 200,000 Patients
Tri Century Eye Care PC, a Pennsylvania-based healthcare provider, has reported a significant data breach to the U.S. Department of Health and Human Services (HHS), affecting approximately 200,000 individuals. The breach, which involved a hacking incident targeting the organization's network server, was reported to HHS on October 31, 2025, marking it as one of the larger healthcare data breaches of the year.
What Happened
According to the HHS Office for Civil Rights (OCR) breach report, Tri Century Eye Care PC experienced a hacking/IT incident that compromised their network server infrastructure. The breach was classified as a cybersecurity incident, indicating that unauthorized individuals gained access to the healthcare provider's digital systems.
Specific details about the attack method, timeline, and scope are not included in the initial HHS filing. "Hacking/IT Incident" and "Network Server" are the standard breach-type and breach-location categories on the OCR breach portal; they tell us that an unauthorized party got into the practice's systems rather than, say, a lost laptop or a misdirected mailing, and that the affected system was a server rather than an endpoint or email account. They do not say how the attackers got in, whether data was exfiltrated, or whether ransomware was involved. Attackers who reach a central server where patient records are stored can typically read or copy much of what is housed there, which is consistent with the large number of individuals affected.
The breach was reported on October 31, 2025. Under the HIPAA Breach Notification Rule, a covered entity must report a breach affecting 500 or more individuals to HHS without unreasonable delay and no later than 60 days after discovery, so the practice may have discovered the incident as early as the beginning of September 2025. The 60-day clock runs from discovery, not from the intrusion itself, so the attackers may have had access for some time before it was detected.
Who Is Affected
The breach impacts approximately 200,000 individuals who were patients of Tri Century Eye Care PC, making it one of the larger healthcare data breaches reported to HHS from Pennsylvania in 2025.
Given that Tri Century Eye Care PC is an eye care practice, the affected individuals likely include:
- Current patients receiving ongoing eye care treatment
- Former patients whose records were retained in the system
- Patients who may have visited any affiliated locations or partner practices
- Individuals who scheduled appointments or consultations, even if services weren't completed
Breach Details
The HHS breach report does not describe how the attack was carried out. A hacking incident against a network server is consistent with the initial-access techniques most often seen in healthcare breaches: credentials stolen through phishing or reused from other breaches, remote-access services (VPN, RDP, remote management tools) exposed without multi-factor authentication, and unpatched vulnerabilities in internet-facing systems. Which of these applied here, if any, will only be known if the practice or HHS releases further details.
Server-Based Data Access: Because the breach location is "Network Server," the incident most likely involved unauthorized access to the centralized systems where electronic protected health information (ePHI) was stored, such as the practice-management or electronic health record database, rather than a single workstation or mailbox.
Potential Data Types at Risk: Eye care practices typically maintain comprehensive patient records that may include:
- Personal identifying information (names, addresses, dates of birth, phone numbers, Social Security numbers)
- Medical history and eye care treatment records
- Insurance information and billing data
- Prescription information for glasses, contacts, or medications
- Digital images of eye examinations and diagnostic tests
The scale of the breach, affecting 200,000 individuals, suggests that the attackers gained access to substantial portions of the practice's patient database.
What This Means for Patients
For the 200,000 affected individuals, this breach represents a serious compromise of their personal and medical information. Patients should be aware that their data may have been accessed by unauthorized parties, potentially exposing them to various risks:
Identity Theft Risk: If personal identifying information such as Social Security numbers, addresses, and dates of birth were compromised, patients face increased risk of identity theft and financial fraud.
Medical Identity Theft: Compromised health information could be used for medical identity theft, where criminals use patient information to obtain medical services or prescription drugs fraudulently.
Privacy Concerns: The exposure of medical records represents a significant privacy violation, potentially revealing sensitive health conditions and treatment history.
Financial Implications: Insurance information and billing data exposure could lead to insurance fraud or unauthorized medical claims.
Patients affected by this breach should receive notification letters from Tri Century Eye Care PC detailing the specific information that may have been compromised and the steps being taken to address the incident.
How to Protect Yourself
If you are a patient of Tri Century Eye Care PC or believe you may be affected by this breach, take the following protective measures:
Monitor Your Accounts: Regularly review your financial accounts, credit reports, and insurance statements for unauthorized activity. Look for unfamiliar charges, new accounts, or medical services you didn't receive.
Consider Credit Monitoring or a Credit Freeze: Enroll in credit monitoring services to receive alerts about new accounts or inquiries made in your name; many breach notification letters include an offer of free monitoring. A credit freeze at each of the three major credit bureaus is free under federal law and prevents new credit accounts from being opened in your name until you lift it, which is a stronger protection than monitoring alone.
Review Medical Records: Check your insurance statements and medical records for services you didn't receive, which could indicate medical identity theft.
Update Passwords: If you used any online patient portals or services with Tri Century Eye Care PC, change your passwords immediately, use strong, unique passwords for all healthcare-related accounts, and turn on multi-factor authentication wherever the portal offers it.
Stay Vigilant for Phishing: Be cautious of emails, phone calls, or texts claiming to be related to the breach. Scammers often exploit data breaches to conduct additional fraud attempts.
Contact the Practice: Reach out to Tri Century Eye Care PC directly to understand what specific information was compromised and what support services they're providing to affected patients.
Prevention Lessons for Healthcare Providers
The Tri Century Eye Care PC breach serves as a critical reminder for healthcare organizations about the importance of robust cybersecurity measures:
Network Security: Firewalls, intrusion detection, and timely patching of internet-facing systems are the baseline. Segmenting the network so that a compromised workstation cannot reach the record server directly, and keeping centralized logs long enough to reconstruct what happened, limit both the blast radius and the uncertainty after an incident.
Access Controls: Limiting access to patient data based on job responsibilities and requiring multi-factor authentication on all remote access and privileged accounts removes the most common path into a server: a stolen or reused password.
Employee Training: Regular cybersecurity training helps staff recognize and respond appropriately to phishing attempts, social engineering, and other common attack vectors.
Incident Response Planning: A well-defined incident response plan, rehearsed in advance, enables organizations to contain an intrusion quickly, preserve evidence, and meet the HIPAA notification deadlines (individual and HHS notice within 60 days of discovery). Tested, offline backups belong in the same plan so that a ransomware event does not also become a data-loss event.
Regular Security Assessments: Conducting regular vulnerability assessments and penetration testing, alongside the risk analysis HIPAA already requires, can identify and address security weaknesses before attackers exploit them.
Data Encryption: Encrypting sensitive patient data in transit and at rest protects against stolen disks, backups, and intercepted traffic. It does not protect against an attacker operating on a live server with valid credentials, because the server decrypts the data for them. Encryption also only provides HIPAA breach safe harbor when the data was encrypted in line with HHS guidance and the keys were not compromised, so key management matters as much as the encryption itself.
The healthcare industry continues to be a prime target for cybercriminals due to the valuable nature of medical data. As this breach demonstrates, even specialized practices like eye care providers must maintain robust cybersecurity defenses to protect patient information.
Healthcare organizations must view cybersecurity not as an IT issue, but as a fundamental patient safety and privacy protection requirement. The financial and reputational costs of data breaches, combined with potential regulatory penalties, make cybersecurity investments essential for sustainable healthcare operations.