(KWWL) -- Wolfe Eye Clinic, which has locations across Iowa, announced on Tuesday that its current and former patients' personal information may have been accessed by an unauthorized third party in a data breach in February.
The records of roughly 500,000 patients may have been stolen as part of the ransomware attack.
The breach happened on February 8, but the company didn't realize the full impact of the breach until May 28. The clinic launched an investigation with the help of an independent IT firm, which was finished on June 8, after they detected the breach. The clinic says hackers demanded a ransom to unlock access to its systems, but the company didn't pay the hackers.
The investigation found patient information that may have been accessed included: names, mailing address, dates of birth, Social Security numbers, and protected medical/health information.
The clinic is contacting anyone that may have been impacted by the breach and have begun mailing letters to everyone whose information may have been compromised. According to a notice on their website, the clinic is "implementing additional safeguards and enhanced security measures to better protect the privacy and security of information in our systems."
The company is providing a free year of identity monitoring services courtesy of IDX for affected individuals. Anyone with questions can call IDX at 1-833-909-3906 Monday through Friday, between 8 a.m. - 8 p.m. CST for assistance, or click here.
Wolfe Eye Clinic has several locations in the KWWL viewing area, including in Cedar Falls, Hiawatha, Iowa City, Sigourney, Toledo, Traer, Waterloo, and Waverly.
The Associated Press contributed to this story.