What Happened
In February 2026, San Diego Eye Bank disclosed a ransomware attack. The compromised data reportedly includes patient and donor data.
Donor data in healthcare is sensitive and subject to specific regulations. HIPAA breach notification requirements apply.
Timeline
- February 2026 — San Diego Eye Bank discloses ransomware attack affecting patient and donor data
Impact and Risk Assessment
For Individuals
Patients and tissue donors had their personal and health data exposed. Donor data is particularly sensitive and subject to enhanced privacy expectations.
For Organisations
San Diego Eye Bank faces operational disruption to essential tissue banking services in addition to HIPAA compliance obligations.
Ransomware disruption to tissue banking operations could have downstream effects on transplant surgery schedules.
Regulatory Context
HIPAA breach notification requirements apply. Tissue banking is also subject to FDA oversight regarding donor screening and record-keeping.
What Should You Do?
For Individuals
- If you are a patient or donor of San Diego Eye Bank, monitor any notifications and take advantage of support services offered.
For Security Professionals
- Non-profit healthcare organisations should implement ransomware preparedness measures proportionate to the sensitivity of data they hold, regardless of their size or funding constraints.
Learnings and Recommendations
Eye tissue banking organisations hold sensitive donor and patient data. Ransomware groups continue to target healthcare organisations regardless of their size or specialisation.