Back to Blog
high severity June 30, 2026 · scope unconfirmed

horizoneye.com Listed by incransom Ransomware Group

Horizon Eye Care operates as a group of independent optometric clinics and medical practices across North America. Depending on your specific location, they offer comprehensive eye examinations, surgical procedures (like LASIK and cataracts), contact lens fittings, and a wide variety of designer eyeglasses.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 30, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 30, 2026, Horizon Eye Care’s internal files appeared on the leak site of the incransom ransomware group. The North American network of independent optometric clinics and medical practices had been hit by a ransomware attack in which attackers exfiltrated sensitive company documents. Public reporting indicates the number of patients whose personal information was contained in those files remains unknown.

Confirmed Facts from Reporting

Horizon Eye Care provides eye examinations, LASIK and cataract surgery, contact lens services, and designer eyewear through clinics across North America. The incransom group posted proof of the breach on its dark-web leak site, listing Horizon Eye Care among recent victims. Available reporting describes the exposed material as internal files exfiltrated during the ransomware incident; exact volume and specific data fields have not been publicly detailed. No patient count or list of compromised record types has been confirmed by the company or independent researchers at the time of writing.

Why This Matters for You and Your Family

If you or any member of your family has visited a Horizon Eye Care clinic, your medical and personal details may now sit in an attacker-controlled archive. Health records often contain names, addresses, dates of birth, insurance information, Social Security numbers, and sometimes payment details. Once that information leaves a trusted medical provider and lands on a criminal leak site, it can be sold, traded, or used to open accounts in your name. For families with children who have also received care, the exposure can affect multiple generations at once.

The Doxxing and Identity-Chain Implications

Medical breaches rarely stop at the clinic’s doorstep. Attackers frequently combine leaked health data with credentials from other breaches to build detailed profiles. A username and password reused from an old gaming account, an email tied to your child’s Roblox or Fortnite profile, and an address from your eye-care record can quickly link together. This identity-chain effect turns a single breach into repeated targeting: phishing texts that look like they come from your eye doctor, fraudulent insurance claims, or even physical mail sent to your home demanding payment. Credential leaks like this one cascade into account takeovers and doxxing chains, especially when children’s gaming accounts share the same household email or phone number.

Incransom’s Publicly Known Track Record

Public reporting attributes the incransom group with emerging in late 2024. The gang has claimed responsibility for attacks on healthcare providers, retailers, and professional service firms. Its typical playbook involves gaining initial access through phishing or exploited remote desktop tools, exfiltrating data before encrypting systems, then publishing samples on its leak site when victims refuse to pay. Extortion demands usually carry deadlines measured in days or weeks, after which larger portions of stolen data are released in batches. Exact success rate and total victims remain unclear from open sources, but healthcare organizations appear repeatedly in its public claims.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what chains back to the Horizon Eye Care breach.
  • Rotate any password you ever used at Horizon Eye Care or any connected clinic and enable 2FA through an authenticator app on every account where that password was reused.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours rather than months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often share the same contact details and can fuel further doxxing chains.
  • Let remediation specialists handle the follow-up work, including sending takedown requests to data brokers and monitoring for signs of identity misuse on your behalf.

The Horizon Eye Care breach is a reminder that even routine medical visits can expose your family to long-term risk once data leaves secure systems. Taking concrete steps now limits how far attackers can travel down the identity chain. Start your DoxxScan trial and let its continuous monitoring, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage—including children’s gaming accounts—work for you and your family.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.