In March 2021, Colorado Retina Associates (CRA) reported that a phishing incident had potentially exposed the protected information of nearly 27,000 patients. Phishing occurs when a fraudulent email or other communication is disguised to look trustworthy to induce individuals to share sensitive information or click on malicious links or attachments. An investigation found that an unauthorized party had accessed two CRA email accounts and may have copied patients’ full names, birthdates, Social Security numbers, etc.