The Louisiana-based business recently notified the Department of Health and Human Services (HHS) and patients regarding a data breach.
What happened
On February 14th, RestorixHealth, Inc., filed a breach submission with the HHS. According to their filing, the location of the breached information was determined to be in the company’s email system. The type of breach was considered “unauthorized access/disclosure.”
Restorix reported that the breach impacted 38,553 individuals. Affected information included names, dates of birth, driver’s license numbers, ID and passport numbers, Social Security numbers, patient ID numbers, medical and prescription information, condition, treatment and diagnosis information, and more.
Going deeper
RestorixHealth manages wound centers to treat complex wounds that other health centers may not have the equipment or staffing to treat. The business also helps develop and manage outpatient wound centers throughout Louisiana state.
According to Restorix’s notice of a data breach, the company initially learned of unauthorized access on May 30th, 2024. Soon after, they investigated the incident and determined that a Restorix employee’s email account had been accessed between May 7th, 2024, and May 29th, 2024. The team went on to advise their healthcare partners of the incident on December 18th, 2024.
What was said
Restorix stated, “The security and privacy of the information contained within our system is a top priority for us.”
In response to the incident, Restorix said they immediately took “steps to secure our systems and engaged third-party forensic experts to assist in the investigation.” The wound care provider also said they would be implementing additional cybersecurity safeguards, enhancing their cybersecurity training, and improving their policies and procedures to prevent an event like this from occurring again.
The big picture
Many patients are unaware of just how many companies and organizations may be involved in their care. Restorix often partners with other hospitals, meaning individuals impacted by the breach may not have necessarily been aware of their connection. With such an interconnected healthcare system, it’s more important now than ever for organizations to carefully monitor their cybersecurity practices and policies.
This breach, like many others, was also connected to an email-hacking incident. Many healthcare workers–from admin, to nurses and doctors, rely on email to communicate Protected Health Information (PHI). Every organization needs a robust system in place to filter and prevent data breaches. Unfortunately, hackers have grown increasingly sophisticated, making it difficult for the everyday worker to spot malicious emails. Platforms like Paubox provide a much needed solution by automating encryption, offering spam-filtering, and more.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
