San Diego Eye Bank
Analysis of the San Diego Eye Bank ransomware attack exposing patient and donor data.
Published by the Scrutex.ai Research Team | February 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
San Diego Eye Bank
Non-profit eye tissue banking organisation providing corneal tissue for transplant surgery and research in the San Diego region.
Sector
Healthcare
Region
United States
Date of Incident
Prior to February 2026 (exact date not disclosed)
Date Disclosed
February 2026
Estimated Impact
Unknown
Data Types Exposed
Patient and donor data (specific fields not publicly detailed)
Attack Type
Ransomware
Attack Vector
Ransomware deployment (specific initial access vector not disclosed)
Current Status
Under investigation. HIPAA breach notification filed.
Severity Assessment
Moderate. A non-profit healthcare organisation providing essential tissue banking services was disrupted by ransomware, with patient and donor data at risk.
What Happened
In February 2026, San Diego Eye Bank disclosed a ransomware attack. The compromised data reportedly includes patient and donor data.
Donor data in healthcare is sensitive and subject to specific regulations. HIPAA breach notification requirements apply.
Timeline
February 2026
San Diego Eye Bank discloses ransomware attack affecting patient and donor data
Impact and Risk Assessment
For Affected Individuals
Patients and tissue donors had their personal and health data exposed. Donor data is particularly sensitive and subject to enhanced privacy expectations.
For Organisations
San Diego Eye Bank faces operational disruption to essential tissue banking services in addition to HIPAA compliance obligations.
Ransomware disruption to tissue banking operations could have downstream effects on transplant surgery schedules.
Regulatory Context
HIPAA breach notification requirements apply. Tissue banking is also subject to FDA oversight regarding donor screening and record-keeping.
What Should You Do?
If You Are a Potentially Affected Individual
If you are a patient or donor of San Diego Eye Bank, monitor any notifications and take advantage of support services offered.
If You Are a Security or Risk Professional
Non-profit healthcare organisations should implement ransomware preparedness measures proportionate to the sensitivity of data they hold, regardless of their size or funding constraints.
Learnings and Recommendations
Eye tissue banking organisations hold sensitive donor and patient data. Ransomware groups continue to target healthcare organisations regardless of their size or specialisation.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.