Koch Eye Associates Data Breach Lawsuit Investigation
Did you receive a data-breach notice from Koch Eye Associates? A July 2025 ransomware attack has put thousands of patients at risk of identity theft and medical fraud. Find out what was stolen and learn whether you can file a claim below.
Download Official Breach Notice (PDF)
What Happened?
In late July 2025, the ransomware group Abyss infiltrated Koch Eye Associates’ network, exfiltrating an estimated 313 GB of uncompressed data. The hackers later listed the stolen files on their Tor-based dark-web leak site, increasing the likelihood that sensitive patient information could be bought or traded by cyber-criminals.
Information Reportedly Exposed
The files believed to be in Abyss’ possession contain both personally identifiable information (PII) and protected health information (PHI), including:
- Full names and contact details
- Social Security numbers
- Dates of birth
- Addresses
- Driver’s license or state ID numbers
- Health-insurance details
- Medical records and treatment data
- Financial or payment information
Why This Breach Matters
Combining medical records with traditional PII makes this breach especially dangerous because criminals can:
- Create synthetic identities or open new lines of credit
- Submit fraudulent insurance claims
- Exploit medical data for blackmail or phishing scams
Your Immediate Action Plan
- Watch for a notification. Koch Eye Associates is required by state and federal law to alert affected patients. Save every letter or email you receive.
- Monitor your credit. Check bank statements, insurance Explanation of Benefits (EOB) documents, and credit reports for unfamiliar activity.
- Place a fraud alert or credit freeze. Contact Experian, Equifax, or TransUnion to add an extra layer of security.
- Beware of phishing. Never click suspicious links or provide personal data to unsolicited callers claiming to represent Koch Eye Associates.
- Explore legal remedies. If your information was compromised, you may be eligible to join a class-action lawsuit for reimbursement of out-of-pocket losses and time spent mitigating the breach.
Potential Compensation
Courts often award victims of data breaches compensation for:
- Credit-monitoring and identity-theft-protection costs
- Bank fees, overdraft charges, or late-payment penalties linked to fraud
- Time spent disputing unauthorized transactions or correcting medical records
- Emotional distress and loss of privacy
Even if you have not detected fraud yet, you may still qualify—courts recognize the future risk created when sensitive data is exposed.
About Koch Eye Associates
Founded by Dr. Paul Koch in 1981, Koch Eye Associates is one of the largest eye-care providers on the East Coast, operating multiple clinics, laser-vision centers, and surgical facilities across Rhode Island.
Frequently Asked Questions
What caused the Koch Eye Associates data breach?
The practice was hit by a ransomware attack executed by the cyber-criminal group Abyss, who claim to have stolen 313 GB of patient data.
How do I know if I am affected by the Koch Eye Associates breach?
Look for a mailed or emailed notice from Koch Eye Associates. If you have been a patient, assume your data could be at risk and take preventive steps immediately.
What information was taken in the Koch Eye Associates data breach?
Exposed data reportedly includes names, Social Security numbers, dates of birth, addresses, government IDs, health-insurance information, medical records, and possible financial details.
Can I file a lawsuit against Koch Eye Associates?
Potentially. Victims may be able to join a class-action lawsuit seeking reimbursement for financial losses, time, and emotional distress. Consult a data-breach attorney to explore your options.
Does Koch Eye Associates have to offer free credit monitoring?
While not legally required in all states, healthcare providers often offer complimentary credit-monitoring or identity-theft protection to comply with best practices and federal guidance after a breach.