River City Eye Care announces data breach tied to Genesis ransomware group

The Oregon-based organization is notifying patients of the breach. 

What happened

River City Eye Care has begun notifying patients of a data breach on or around September 8th, 2025. According to the Portland and Happy Valley provider, an unauthorized actor was able to access River City’s network and exfiltrate files. 

An investigation, which was completed on October 1st, revealed that certain private information and data may have been accessed or stolen. River City determined the following information was accessed: address, email address, phone number, and date of birth. For some, driver’s license numbers and Social Security numbers were also involved. Notification letters were mailed out beginning on October 16th, 2025, and outline additional steps for impacted individuals. The incident has not yet been included on the Department of Health and Human Services’ (HHS) data breach site, so the number of impacted individuals is currently unknown. 

Going deeper

The ransomware group Genesis claimed the attack on October 21st, 2025. Genesis claims to have 200 gigabytes of data, including medical data and records, data from company management hosts, and various data from fileservers. 

The malicious group has only been discovered this year, but allegedly already has nine victims, including law and financial service companies, a medical care technology company, and a health insurance benefit provider. 

Currently, it’s unknown what Genesis may have demanded in exchange for the data or if River City engaged in any negotiations. 

The big picture

Data breaches continue to trouble the healthcare industry. According to Paubox reports, the average cost of a data breach has risen to $11 million, a steady increase from the previous year of $9.8 million. These costs can be debilitating for healthcare organizations, and often include costs associated with lawsuits, fines, and operational fallout. Since 2018, ransomware attacks have surged 264%, proving how organizations must prepare for these threats.  

FAQs

Why was this investigation completed relatively quickly? 

Every investigation timeline varies depending on the scope of the incident and the resources available to the practice. In this case, since we do not yet know final numbers of the impacted individuals, it’s also possible that the investigation is still ongoing despite the initial notification. 

Why was River City targeted by Genesis?

It’s unclear why any one organization may be targeted in a ransomware attack. Some organizations are targeted simply out of opportunity.