Tri-Century Eye Care Data Breach 2025 (Pear Ransomware): 200,000 Patients and Employees Exposed in PA Ophthalmology Practice Attack. What To Do
Tri-Century Eye Care PC, a Bucks County, Pennsylvania ophthalmology practice, suffered a Pear ransomware attack in September 2025 exposing 200,000 patients and employees. Data was leaked publicly. A class action is filed in Bucks County court with interim lead counsel appointed. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Sep 3, 2025
Tri-Century Eye Care detects suspicious activity on its network and begins investigation with third-party cybersecurity specialists
Sep 3, 2025
Attacker gained access
Sep 18, 2025
Pear ransomware group publicly claims responsibility and lists Tri-Century Eye Care on its dark web leak site
Sep 19, 2025
Forensic investigation confirms an unknown actor accessed the network and acquired files containing personal and protected health information; the practice's electronic medical record system itself was not accessed
Oct 13, 2025
Shub Johns & Holbrook LLP files class action lawsuit against Tri-Century in Pennsylvania Court of Common Pleas, Bucks County (Brooks v. Tri-Century Eyecare, P.C., No. 2025-07179)
Oct 30, 2025
Tri-Century Eye Care publishes a notice of data security incident on its public website
Oct 31, 2025
Filed with HHS OCR: 200,000 affected individuals, Hacking/IT Incident on Network Server, Healthcare Provider
Nov 6, 2025
Individual notification letters begin mailing to affected patients and employees
Dec 8, 2025
Edelson Lechtzin LLP publicly announces investigation of class-action claims on behalf of affected patients and employees
Dec 15, 2025
Bucks County court consolidates related actions and appoints Benjamin F. Johns of Shub Johns & Holbrook LLP as Interim Co-Lead Counsel
Sep 3, 2025
Tri-Century Eye Care detects suspicious activity on its network and begins investigation with third-party cybersecurity specialists
Sep 3, 2025
Attacker gained access
Sep 18, 2025
Pear ransomware group publicly claims responsibility and lists Tri-Century Eye Care on its dark web leak site
Sep 19, 2025
Forensic investigation confirms an unknown actor accessed the network and acquired files containing personal and protected health information; the practice's electronic medical record system itself was not accessed
Oct 13, 2025
Shub Johns & Holbrook LLP files class action lawsuit against Tri-Century in Pennsylvania Court of Common Pleas, Bucks County (Brooks v. Tri-Century Eyecare, P.C., No. 2025-07179)
Oct 30, 2025
Tri-Century Eye Care publishes a notice of data security incident on its public website
Oct 31, 2025
Filed with HHS OCR: 200,000 affected individuals, Hacking/IT Incident on Network Server, Healthcare Provider
Nov 6, 2025
Individual notification letters begin mailing to affected patients and employees
Dec 8, 2025
Edelson Lechtzin LLP publicly announces investigation of class-action claims on behalf of affected patients and employees
Dec 15, 2025
Bucks County court consolidates related actions and appoints Benjamin F. Johns of Shub Johns & Holbrook LLP as Interim Co-Lead Counsel
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
Tri-Century Eye Care, P.C. is an ophthalmology practice headquartered in Southampton, Pennsylvania with multiple locations across Bucks County. On September 3, 2025, the practice detected suspicious activity on its network and began an investigation with third-party cybersecurity specialists. By September 19, 2025, the investigation confirmed that an unknown actor had accessed the network and acquired files containing personal and protected health information. The practice has stated that the intruder did not access its current electronic medical record system; the exposure involved separate files stored on the network.
On September 18, 2025, the Pear ransomware group (sometimes described as the “PEAR Team”) publicly claimed responsibility on its dark web leak site and posted samples to substantiate the claim. The group claimed to have stolen a large volume of data described as HR, financial, and business operations documents along with emails, databases, and personal and health information. Files were subsequently published on the leak site, indicating Tri-Century did not pay a ransom.
Tri-Century published a notice of data security incident on its public website on October 30, 2025, filed the breach with HHS OCR on October 31, 2025 (listing 200,000 affected individuals, “Hacking/IT Incident” at “Network Server,” with Tri-Century in the role of Healthcare Provider), and began mailing individual notification letters on November 6, 2025.
Timeline
- September 3, 2025 — Tri-Century detects suspicious network activity and engages outside cybersecurity specialists.
- September 18, 2025 — Pear ransomware group claims the attack and lists Tri-Century on its leak site.
- September 19, 2025 — Forensic investigation confirms unauthorized access and file acquisition; the EMR system itself is determined to be unaffected.
- October 30, 2025 — Tri-Century publishes a notice of data security incident on its website.
- October 31, 2025 — HHS OCR filing: 200,000 affected, Hacking/IT Incident at Network Server.
- October 13, 2025 — Shub Johns & Holbrook LLP files class action in Bucks County (Brooks v. Tri-Century Eyecare, P.C., No. 2025-07179).
- November 6, 2025 — Individual notification letters begin mailing.
- November 7, 2025 — Lynch Carpenter LLP announces it is investigating claims.
- December 8, 2025 — Edelson Lechtzin LLP and Federman & Sherwood announce investigations.
- December 15, 2025 — Bucks County court consolidates related actions; Benjamin F. Johns (Shub Johns & Holbrook) appointed Interim Co-Lead Counsel.
What was exposed
According to Tri-Century’s notice and follow-on reporting, the files involved in this incident contained varying combinations of the following:
- Full name
- Date of birth
- Social Security number
- Medical and health information
- Treatment and diagnostic information
- Health insurance information
- Billing and payment information
- Tax and financial information
Not every individual had every field exposed. Specific elements affecting a given person are listed in that person’s individual notification letter. Because Pear published stolen files on its leak site, the affected data should be treated as already in circulation rather than merely at risk.
What the entity is offering
Tri-Century has stated that it engaged third-party cybersecurity specialists, notified the FBI and the U.S. Department of Health and Human Services, and established a toll-free call center for affected individuals. The practice also says it has implemented stronger password requirements, more frequent password changes, reduced access permissions, and offline storage of older data.
Public sources reviewed for this page do not specify a credit-monitoring product, provider, or enrollment duration. If you received a letter, check it directly for the enrollment code and the term of any complimentary monitoring offered.
Class-action posture
At least one class action is filed and active in Bucks County, Pennsylvania.
Shub Johns & Holbrook LLP filed suit on October 13, 2025, in the Pennsylvania Court of Common Pleas, Bucks County. The case is captioned Brooks v. Tri-Century Eyecare, P.C., No. 2025-07179 (Pa. Com. Pl. Bucks Cty.). On December 15, 2025, the court consolidated related actions and appointed Benjamin F. Johns of Shub Johns & Holbrook as Interim Co-Lead Counsel for plaintiffs.
Additional firms investigating or accepting intake on behalf of patients and employees:
- Edelson Lechtzin LLP (announced December 8, 2025)
- Chimicles Schwartz Kriner & Donaldson-Smith LLP
- Schubert Jonckheer & Kolbe LLP
- Lynch Carpenter LLP (announced November 7, 2025)
- Federman & Sherwood (announced December 9, 2025)
- Shamis & Gentile P.A.
- Almeida Law Group
- Barnow and Associates, P.C.
Class members do not need to retain an individual firm to participate in any eventual class settlement; class members in a certified class typically receive notice and a claims period regardless of individual retainer status.
What to do if you may be affected
This week:
- Place a free credit freeze with all three nationwide consumer reporting agencies (Equifax, Experian, TransUnion). Because SSNs and full names were in the stolen files, account-takeover and new-account fraud are realistic risks. A freeze prevents new accounts from being opened in your name and is more protective than monitoring alone.
- Enroll in any complimentary monitoring offered in your individual notification letter. Use the enrollment code in the letter. It is free to you.
- If your letter mentions SSN exposure, file IRS Form 14039 (Identity Theft Affidavit) before tax-filing season to flag your SSN against fraudulent tax-refund filings, and consider placing a fraud alert with the Social Security Administration.
This month:
- Watch health insurance EOBs and medical bills. Because diagnostic and treatment information was in the stolen files, medical identity theft (services billed under your name and insurance) is a downstream risk that credit monitoring will not catch. Review every EOB for services you did not receive and report discrepancies to your insurer.
- Decide on plaintiff representation. Several firms are accepting intake. You are not required to retain any of them, and the typical class settlement compensates class members regardless of whether they signed an individual retainer.
- Stop the ongoing flow of your medical data. Once diagnoses and treatments are on a ransomware leak site, they get scraped, enriched, and resold by data brokers and ad-tech firms. HealthConsent files HIPAA restriction requests, FTC Health Breach Notification Rule deletion requests, and state-law deletion requests across the data-broker ecosystem so the medical record exposed in this breach is not continuously re-sold downstream.
Sources
- SecurityWeek: Tri-Century Eye Care Data Breach Impacts 200,000 Individuals
- HIPAA Journal: Tri Century Eye Care & Pittsburgh Gastroenterology Associates Announce Data Breaches
- Paubox: Tri-Century Eye Care hit by PEAR ransomware attack
- Ransomware.live: Pear leak-site entry for Tri-Century Eye Care
- ClassAction.org: Tri-Century Eye Care Data Breach Impacts 200K Patients, Employees
- Edelson Lechtzin LLP press release (GlobeNewswire, Dec 8, 2025)
- Chimicles Schwartz Kriner & Donaldson-Smith LLP investigation page
- Schubert Jonckheer & Kolbe investigation page
- Almeida Law Group investigation page
- Barnow and Associates, P.C. investigation page
- SC Media: Nearly 200K impacted by Tri-Century Eye Care breach
- Shub Johns & Holbrook LLP: Benjamin F. Johns appointed Interim Co-Lead Counsel in Tri-Century Eyecare class action
- Lynch Carpenter LLP: Tri Century Eye Care data breach claims investigated
- Federman & Sherwood: Tri Century Eye Care PC data breach investigated
- ClaimDepot / Shamis & Gentile PA: Tri-Century Eye Care data breach investigation
- DeXpose threat intelligence: Pear ransomware targets Tri-Century Eye Care
- DataBreach.com: Tri-Century Eye Care breach (256,144 rows in leaked dataset)
- HHS Office for Civil Rights Breach Portal
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- SecurityWeek: Tri-Century Eye Care Data Breach Impacts 200,000 Individuals
- HIPAA Journal: Tri Century Eye Care & Pittsburgh Gastroenterology Associates Announce Data Breaches
- Paubox: Tri-Century Eye Care hit by PEAR ransomware attack
- Ransomware.live: Pear leak-site entry for Tri-Century Eye Care
- ClassAction.org: Tri-Century Eye Care Data Breach Impacts 200K Patients, Employees
- Edelson Lechtzin LLP press release (GlobeNewswire)
- Chimicles Schwartz Kriner & Donaldson-Smith LLP investigation page
- Schubert Jonckheer & Kolbe investigation page
- Almeida Law Group investigation page
- Barnow and Associates, P.C. investigation page
- SC Media: Nearly 200K impacted by Tri-Century Eye Care breach
- Shub Johns & Holbrook LLP: Benjamin F. Johns appointed Interim Co-Lead Counsel in Tri-Century Eyecare class action
- Lynch Carpenter LLP: Tri Century Eye Care data breach claims investigated
- Federman & Sherwood: Tri Century Eye Care PC data breach investigated
- ClaimDepot / Shamis & Gentile PA: Tri-Century Eye Care data breach investigation
- DeXpose threat intelligence: Pear ransomware targets Tri-Century Eye Care
- DataBreach.com: Tri-Century Eye Care breach (256,144 rows in leaked dataset)
- HHS Office for Civil Rights Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.