Ocuco Under Investigation for Data Breach of Over 240,000 Patient Records
Schubert Jonckheer & Kolbe LLP is investigating a data breach that led to unauthorized access to the sensitive personal and health information of 240,961 patients of eye care providers who are customers of Ocuco, Inc. Ocuco is a provider of optical software solutions for eye care businesses. Ocuco’s U.S. headquarters are in Florida.
On April 1, 2025, Ocuco identified unauthorized access to its network server. The unauthorized third party had access between March 28, 2025, and April 1, 2025. According to data leaked on the dark web by ransomware group Killsec, affected eye care provider customers include Costco, HoustonEye, Kaiser, Mayo Clinic, Optos, and Specsavers.
Although the breach occurred in March and April 2025, it appears that Ocuco did not begin to notify customers until June or July 2025, which may have violated state and federal laws. The following information may have been compromised in the breach: names, addresses, Social Security numbers, medical record numbers, health insurance numbers, provider names, prescriptions or medications, treatment or diagnosis information, lab results, medical histories, payments for health services, workers’ compensation claims with medical information, health insurance coverage information, health insurance claim information, financial account numbers without access information, and driver’s license numbers.
If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to Ocuco’s cybersecurity practices.
If you received notification of this data breach or are a patient of Ocuco or one of its eye care provider customers listed above and wish to obtain additional information about your legal rights, please fill out the form below.
