Ransomware victim disclosure
← All victimsHorizon Eye Care
listed as horizoneye.com · Claimed by Incransom · listed 10 days ago
Status timeline
- ListedJun 24, 2026
- Data leakeddate unknown
At a glance
- Group
- Incransom
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Jun 24, 2026
About the victim
AI dossier — public-source company profileHorizon Eye Care is a network of independent optometric clinics and medical practices operating across the Charlotte, North Carolina area and North America. They provide comprehensive eye examinations, surgical procedures (LASIK, cataracts, corneal procedures), contact lens fittings, and optical services with 20+ fellowship-trained ophthalmologists and optometrists across 7 locations.
- Industry
- Healthcare & Ophthalmology
- Address
- Charlotte, North Carolina (7 locations: Cotswold, Huntersville, Mallard Creek, Mooresville, Pineville, Rock Hill, Waverly)
- Employees
- 51-200
- Founded
- 1999
Attack summary
Severity: high — Healthcare provider with patient data breach involving protected health information (PHI) and personally identifiable information (PII) at scale; HIPAA-regulated data; confirmed data exfiltration and publication.The incransom group claims to have attacked Horizon Eye Care and exfiltrated data from their systems. The leak post does not specify the nature or volume of data accessed, nor does it detail operational disruption.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Patient personal information
- Insurance information
- Billing records
- Physician credentials
- Contact information
What the group claims
Horizon Eye Care operates as a group of independent optometric clinics and medical practices across North America. Depending on your specific location, they offer comprehensive eye examinations, surgical procedures (like LASIK and cataracts), contact lens fittings, and a wide variety of designer eyeglasses.
Sources
Source
Indexed 10 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

