On 11 January 2021, 20/20 Eye Care Network — a managed vision care benefits company providing administration services to health plans — discovered that an unauthorized actor had accessed and deleted files stored in AWS S3 buckets containing member information. Because the attacker deleted the files rather than simply copying them, 20/20 was unable to definitively determine whether data had been exfiltrated prior to deletion. 20/20 notified members as a precaution based on the access to the S3 environment. Approximately 3.25 million health plan members were affected. Exposed data included member IDs, names, dates of birth, addresses, Social Security numbers, and health insurance account information. 20/20 serves as a third-party administrator for vision benefits for multiple major health insurance plans. HHS OCR opened an investigation. Multiple class-action lawsuits were filed alleging inadequate security and breach notification failures. 20/20 Eye Care Network subsequently filed for bankruptcy in early 2021, making it one of the few cases where a healthcare data breach directly contributed to a company’s insolvency — joining American Medical Collection Agency (AMCA) in this rare category. The deletion of files rather than exfiltration represented an unusual attack pattern, possibly a ransomware-like extortion attempt or deliberate data destruction.