Restorix Health says email data breach impacted over 38,000 patients

Louisiana-based healthcare provider Restorix Health said that the data security incident it suffered last year compromised the sensitive personal information of almost 40,000 individuals.

 

Headquartered in Metairie, Louisiana, Restorix specialises in the development and management of comprehensive wound care treatment centres. The company provides advanced wound care to patients at a single site and develops customized managed care plans for acute and chronic wounds.

 

In a data security incident notice posted on its website, the healthcare provider said that on May 30, it identified unauthorised access to a Restorix employee’s email account. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the breach. 

 

“After an extensive investigation and manual document review, we discovered on November 27, 2024, that some personal and/or protected health information of individuals affiliated with our healthcare partners was contained in the account that was accessed between May 7, 2024 and May 29, 2024. Restorix advised our healthcare partners of this incident on December 18, 2024,” reads the notice.

 

The compromised data included patients’ names, dates of birth, driver’s license numbers, government identification numbers, passport numbers, Social Security numbers, patient ID numbers, medical information, prescription information, dates of service, condition, treatment, diagnosis, certificate and license numbers, and health insurance information.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Restorix said that at least 38,553 individuals were affected by the incident.

 

“In response to this incident, we took immediate steps to secure our systems and engaged third-party forensic experts to assist in the investigation. Further, we are implementing additional cybersecurity safeguards, as needed, enhancing our employee cybersecurity training, and improving our cybersecurity policies, procedures, and protocols to help minimise the likelihood of this type of incident occurring again,” the healthcare provider added.

 

Restorix has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on Restorix. The healthcare company also did not share details on who was behind the cyber attack or whether it has received a ransom demand.