Over the past year, cyber attacks against practices in healthcare-related fields increased by 55%, impacting more than 26 million Americans¹. This increase, paired with the average cost per breached record of $499, can be worrisome for doctors of optometry.

Because your practice collects personally identifiable information from patients, including minors, you may have one of the highest risk databases in healthcare. This information can include social security numbers, birth dates, health records, addresses, payment information and more.

Consider if your practice experienced a breach from a cyber attack. The HIPAA Breach Notification Rule may require you to notify patients that a breach occurred, offer identity theft monitoring and notify the media. Imagine the uncomfortable conversations with patients and patients’ parents about their data or their child’s data being compromised.

Types of Cyber Attacks Threatening Optometric Practices

Luckily, there are steps you can take to help protect your practice. First, it is important to understand the types of cyber attacks threatening optometric practices.


Phishing campaigns involve tricking a person into compromising their computer system by giving away their password or downloading a malicious file. Often a hacker sends a phishing campaign email impersonating a coworker, IT department or familiar vendor.

Messages alert you to a new invoice, suspicious account activity or payment problem. The hacker provides a link to click to log in to your account or download an important document. Once you do, the hacker has access to your business computer systems.


A phishing campaign can turn into a ransomware attack once the hacker has access to your system. The hacker installs a malicious program that encrypts your data so you can’t access your files. Then, the hacker demands a ransom in cryptocurrency to release your files.

The hacker may also steal a copy of your data and expose private information to coerce a payment. Even if you pay, there’s no guarantee you’ll get your files back, and the damage to your reputation and business can be costly.

Help Prevent Cyber Attacks Threatening Optometric Practices

To help prevent a phishing campaign and ransomware attack, proper employee training and security protections are a must:

  • Train employees to recognize phishing attempts.
  • Back up systems securely with offline storage.
  • Install new security patches and software updates.
  • Turn on two-factor authentication for login access.
  • Scan and filter email and web traffic for better safety.
  • Monitor the network for unusual or suspicious activity.
  • Limit access to protect employees and company data.
  • Create an incident response plan to minimize risk.


Cyber Liability Insurance from Lockton Affinity

Costs associated with a cyber attack can add up quickly. Cyber Liability insurance is helpful in protecting your practice against these costs.

Through your AOA membership, you have access to Cyber Liability Insurance from Lockton Affinity. This policy helps cover the costs associated with notifying all affected parties, ongoing credit monitoring, outside investigations and more. Plus, you can choose policy limit options from $100,000 to $1M.

Help protect your practice against the increasing threat of cyber attacks. Get Cyber Liability Insurance today.


1 Bitglass. Northwestern University, John Muir Health, The Wall Street Journal. 2021, Healthcare Breach Report 2021.