MARSHALLTOWN, Iowa — Marshalltown-based Wolfe Eye Clinic announced Tuesday the personal information of roughly 500,000 current and former patients may have been inappropriately accessed in a cyberattack earlier this year.
Wolfe said there have not been any reports of related identity theft since the Feb. 8 cyberattack, but out of an abundance of caution, is notifying all affected individuals including employees and vendors.
The clinic was "the target of a deliberate cyberattack involving an unauthorized third party, which tried to break into the company’s computer network and then blocked access to some of its systems", according to a press release.
Wolfe said once it detected the incident, it responded immediately. They also began an investigation with assistance from information technology specialists and forensic investigators.
"Quite simply at the Wolfe Clinic we don't do business with criminals," Chief Financial Officer Luke Bland said. "We have very strong backups. We did not lose any patient data and quite simply, paying the ransom would not have put the clinic or our patients in any better position."
The release says Wolf Eye Clinic did not pay a ransom demanded by the attackers.
"Given the complexity and scale of the cyberattack detected, the full scope of information potentially impacted was not fully realized until May 28, 2021," the release adds.
Wolfe said the forensic investigation into the incident wasn’t finished until June 8.
Wolfe Eye Clinic has locations across Iowa, including:
- Ames
- Cedar Falls
- Des Moines
- Spencer
- Ottumwa