Healthcare Data at Risk: Tech Firm Ocuco Reports Massive Breach

The420.in Staff
2 Min Read

Ocuco Inc., a global provider of software solutions for eyecare professionals, has confirmed a major data breach impacting approximately 240,000 individuals in the United States. The breach has exposed a range of sensitive personal and health-related information, prompting regulatory notifications and legal obligations under U.S. state laws.

FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders

Breach Timeline and Investigation

The security incident was first detected on March 27, 2024, and Ocuco immediately launched an internal investigation, supported by third-party cybersecurity specialists. It was confirmed that an unauthorized party had gained access to certain systems and extracted files containing consumer information between February 2024 and April 2024.

While the company has not disclosed specific vulnerabilities exploited in the breach, it has stated that measures were taken to contain the breach and enhance system security post-incident. The investigation concluded in early May 2025, revealing the scale and nature of the compromised data.

Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services

Nature of Data Exposed and Notification

The types of information affected include full names, contact details, dates of birth, medical information, and insurance-related records. Ocuco is sending written notifications to affected individuals and offering identity protection services where applicable.

As per regulatory requirements, the breach was reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), as it involved protected health information (PHI). The OCR breach portal confirms the number of impacted individuals to be 240,000, making this one of the larger healthcare-related breaches reported in 2025 so far.

Ocuco operates in several countries and serves optometrists, ophthalmologists, and eyecare retailers. The incident raises renewed concerns over cybersecurity preparedness in healthcare technology sectors.

About the Author – Anirudh Mittal is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.

Stay Connected