Ransomware
⛓ Supply Chain
Eye Care Leaders EHR Ransomware — 3.6 Million Ophthalmology Patients
Incident Details
On 4 December 2021, Eye Care Leaders — a provider of EHR and practice management software specifically designed for ophthalmology practices — suffered a ransomware attack that included deliberate deletion of database tables and audit logs. The destruction of logs made HIPAA-required breach forensics extremely difficult and created uncertainty about the full extent of data exfiltration.

Multiple ophthalmology practices across the US that used the myCare Integrity platform were forced to notify their patients. Eventually approximately 3.6 million patients were notified across dozens of ophthalmology practices. Affected practices included Lifetime Vision Care, Ohio Eye Alliance, Sacramento ENT, and many others. Exposed data included names, Social Security numbers, dates of birth, driver’s licence numbers, financial account numbers, health insurance information, medical history, prescription information, and clinical notes.

Multiple class-action lawsuits were filed against Eye Care Leaders and affected practices. HHS OCR opened investigations. Eye Care Leaders faced significant litigation and regulatory scrutiny for its delayed disclosure and limited breach notification specificity.

The case highlighted a supply chain concentration risk: a single EHR vendor serving hundreds of small ophthalmology practices creates a scenario where one breach simultaneously affects all clients. The deliberate destruction of audit logs to hinder forensic investigation was a notable tactic.
Technical Details
- Initial Attack Vector: Unknown ransomware group attacked Eye Care Leaders' myCare Integrity EHR platform — a managed service ophthalmology-specific EHR system used by hundreds of practices; attackers encrypted data and deliberately deleted database tables and audit logs, making it impossible to determine the full scope of data access
- Vendor / Product: Eye Care Leaders myCare Integrity EHR platform
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2021-12-04 Breach occurred
- 2022-03-15 Publicly disclosed
- 2022-03-15 Customers notified