Valley Eye Associates has fallen victim to a ransomware attack in which sensitive patient data was exfiltrated from its network. Imperial Beach Community Clinic has started notifying patients about unauthorized access to its email environment.
Valley Eye Associates, Wisconsin
Valley Eye Associates, an ophthalmology, optometry, and LASIK eye surgery center in Appleton, WI, has recently announced that it fell victim to a ransomware attack on or around October 8, 2025. Third-party cybersecurity specialists were engaged to assist with the investigation and determined that the ransomware group had access to its network between October 8, 2025, and October 9, 2025, during which time files were exfiltrated from its network.
While data was stolen, Valley Eye Associates said there are no indications that the stolen data has been or will be used inappropriately. It is unclear how that determination was made. The ransomware group behind the attack was not mentioned in the breach notice, although the Qilin ransomware group claimed responsibility for the attack and published the stolen data, indicating the ransom was not paid. The group claimed to have exfiltrated 139 GB of data.
Valley Eye Associates is still reviewing the affected data and will notify the affected individuals when that process is completed. Valley Eye Associates said it has taken steps to improve security to prevent similar incidents in the future, including implementing additional security protections for its email environment, which suggests that email was used for initial access.
Imperial Beach Community Clinic, California
Imperial Beach Community Clinic, a California community healthcare serving the San Diego South Bay area, has notified the California Attorney General about a cybersecurity incident and data breach that was first identified almost a year ago. According to the breach notice, unusual activity was identified within its email environment on April 15, 2025. An investigation was launched to determine the nature and scope of the activity, and it was confirmed that an unauthorized individual had access to certain email accounts from February 4, 2025, to May 2, 2025. During that time, certain information in the accounts may have been acquired…