A ransomware attack against Wolfe Eye Clinic in February may have exposed the personal information of nearly 500,000 past and present patients across the state, the company announced Tuesday.

First detected Feb. 8, the cyberattack gained entry to the company’s computer network and blocked access to some systems, demanding an unspecified ransom. Wolfe Eye Clinic had IT security and forensic analysts investigate the attack and did not pay the ransom, the company said in a press statement.

“Given the complexity and scale of the cyberattack detected, the full scope of information potentially impacted was not fully realized until May 28, 2021,” the statement said. A forensic investigation was finished on June 8. Wolfe Eye Clinic is notifying individuals whose name, mailing address, date of birth, Social Security number or other health and medical information may have been breached in the attack.

“We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause,” said Luke Bland, chief financial officer. “We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information.”

Wolfe Eye Clinic is offering 12 months of identity monitoring at no cost to affected individuals; more information is available online, at https://response.idx.us/wolfe/ or by calling 833-909-3906 Monday through Friday. The company has 40 locations across Iowa.

“Unfortunately, these types of cyber incidents have become all too common for health care providers of all sizes nationwide,” Bland said. “We recognize the significance of this incident and moved quickly to address it once we became aware of its occurrence.”

The company is the most recent Iowa organization to announce it was attacked with ransomware. Des Moines Area Community College is still recovering its full computer systems after detecting a cyberattack in early June, which shut down summer semester classes for weeks during an investigation with the FBI. In May, meat producer JBS halted production nationally after a ransomware attack, including at its three Iowa plants in Council Bluffs, Marshalltown and Ottumwa.