The Oregon-based organization is notifying patients of the breach.
River City Eye Care has begun notifying patients of a data breach on or around September 8th, 2025. According to the Portland and Happy Valley provider, an unauthorized actor was able to access River City’s network and exfiltrate files.
An investigation, which was completed on October 1st, revealed that certain private information and data may have been accessed or stolen. River City determined the following information was accessed: address, email address, phone number, and date of birth. For some, driver’s license numbers and Social Security numbers were also involved. Notification letters were mailed out beginning on October 16th, 2025, and outline additional steps for impacted individuals. The incident has not yet been included on the Department of Health and Human Services’ (HHS) data breach site, so the number of impacted individuals is currently unknown.
The ransomware group Genesis claimed the attack on October 21st, 2025. Genesis claims to have 200 gigabytes of data, including medical data and records, data from company management hosts, and various data from fileservers.
The malicious group has only been discovered this year, but allegedly already has nine victims, including law and financial service companies, a medical care technology company, and a health insurance benefit provider.
Currently, it’s unknown what Genesis may have demanded in exchange for the data or if River City engaged in any negotiations.
Data breaches continue to trouble the healthcare industry. According to Paubox reports, the average cost of a data breach has risen to $11 million, a steady increase from the previous year of $9.8 million. These costs can be debilitating for healthcare organizations, and often include costs associated with lawsuits, fines, and operational fallout. Since 2018, ransomware attacks have surged 264%, proving how organizations must prepare for these threats.
Every investigation timeline varies depending on the scope of the incident and the resources available to the practice. In this case, since we do not yet know final numbers of the impacted individuals, it’s also possible that the investigation is still ongoing despite the initial notification.
It’s unclear why any one organization may be targeted in a ransomware attack. Some organizations are targeted simply out of opportunity.