
Superior Vision phishing attack exposes personal and health information

A phishing attack on a Superior Vision employee led to a data breach affecting sensitive customer information.

What happened

Superior Vision Services, a provider of vision benefit plans under Versant Health, experienced a cyberattack after an employee fell victim to a phishing email on July 9, 2025. An investigation later revealed that on July 11, a cybercriminal may have downloaded emails containing sensitive customer data. The compromised information includes both personally identifiable information (PII) and protected health information (PHI).

Going deeper

The exposed data spans full names, addresses, phone numbers, email addresses, dates of birth, gender, Social Security numbers, employment information, and vision coverage details. The exact number of individuals affected has not been confirmed, but is believed to be in the thousands.

Superior Vision began mailing breach notifications on September 26, 2025. The same day, the breach was reported to the New Hampshire Attorney General. Disclosures were subsequently made to the attorneys general of Massachusetts and California on September 29, and Texas on October 1, in compliance with state-level breach reporting laws.

What was said

Superior Vision and its parent company, Versant Health, responded by disabling the affected email account, reinforcing system security, and informing law enforcement. Impacted individuals are being offered one year of free credit monitoring through TransUnion’s myTrueIdentity platform.

The company encourages anyone receiving a breach notice to enroll in credit monitoring, stay vigilant for phishing scams, and consider placing fraud alerts or credit freezes as an added precaution.

The big picture

The phishing attack that led to the Superior Vision breach shows how vulnerable healthcare still is to email-based threats. According to Paubox report data, 180 healthcare organizations reported email-related breaches in 2024 alone, making phishing the most common entry point for attackers. The incident exposed both personal and health information, adding to what Paubox says is now an average breach cost of $11 million in the healthcare sector.

FAQs

What should I do if I haven’t received a breach notice but have Superior Vision coverage?

You can contact Superior Vision or check the Versant Health website for updates. It’s also a good idea to proactively monitor your credit and health insurance claims for suspicious activity.

Why is vision coverage information considered sensitive?

Vision coverage details may include employer group data, dependent information, and benefit usage. This data could be used to commit insurance fraud or impersonate policyholders.

How does a phishing email lead to a data breach?

Phishing emails often trick employees into clicking malicious links or sharing login credentials, allowing attackers to access inboxes or systems where sensitive data is stored.

What is a fraud alert, and how do I set one up?

A fraud alert notifies lenders to verify your identity before issuing new credit. You can request one for free from any of the three major credit bureaus (Equifax, Experian, TransUnion).
