Email Accounts Compromised at Four Healthcare Orgs
Email accounts have been compromised at Restorix Health in New York, INTERLINK Health Services in Oregon, RxSight in California, and Fillmore County Hospital in Nebraska, and patient data has been exposed.
Restorix Health
Restorix Health, a Tarrytown, New York-based wound care solutions company, discovered on May 30, 2024, that an employee email account had been subjected to unauthorized access. The investigation confirmed the breach was limited to a single account, and the forensic investigation revealed the account was accessed between May 7, 2024, and May 29, 2024. The review of the account was completed on November 27, 2024, and confirmed that some protected health information had been exposed. The affected healthcare partners were notified on December 18, 2024, and it has been confirmed that 38,553 individuals were affected.
The data varied from individual to individual and may have included names, dates of birth, driver’s license numbers, government identification numbers, passport numbers, Social Security numbers, patient ID numbers, medical information, prescription information, dates of service, diagnoses/conditions, treatment information, certificate and/or license numbers, and/or health insurance information. Additional cybersecurity safeguards have been implemented, and additional training has been provided to the workforce. Notification letters were mailed to the affected individuals on February 14, 2025.
Fillmore County Hospital
Fillmore County Hospital, a 20-bed critical access hospital in Geneva, Nebraska, has determined that an employee’s email account was accessed by an unauthorized third party between October 27, 2024, and October 31, 2024. The account was immediately secured, and following an extensive forensic investigation and manual review of emails, the hospital determined on December 18, 2024, that patient data had been exposed and may have been obtained by the threat actor.
In total, 3535 individuals were affected and had their names compromised along with one or more of the following: address, email address, date of birth, age, gender, race/ethnicity, medical record number, facility identification number, client identification number, account number, account balance, payment card information, insurance information, date of service, and/or medical provider information. One individual also had their Social Security number exposed and has been offered complimentary credit monitoring services. Notification letters were mailed to the affected individuals on February 13, 2025. At the time of issuing those notifications, no evidence of misuse of patient data had been identified. Email security is being reviewed, and practices will be enhanced to prevent similar breaches in the future.
INTERLINK Health Services
INTERLINK Health Services, a Hillsboro, OR-based network providing access to specialized medical procedures including transplantation and cancer services, has identified a compromised employee email account. Suspicious activity was identified in the account on June 17, 2024, and the forensic investigation confirmed the attacker had access to the account for three days between June 15, 2024, and June 17, 2024.
The account does not appear to have been compromised in order to obtain patient data, as the threat actor searched for emails using the terms “ACH” and “wire transfer”; however, it is possible that emails containing patient data may have been viewed or downloaded. The forensic investigation confirmed that only one email account was accessed, and the breach was limited to the email account, with no access to its network. The account review was completed on December 16, 2024, and confirmed names and protected health information had been exposed, but no financial account information or passwords. The affected individuals have been offered credit monitoring services for one year. Network safeguards have been enhanced, and additional training has been provided to the workforce. The breach is not yet listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
RxSight
RxSight, an Aliso Viejo, CA-based ophthalmic medical technology corporation, has notified the Attorney General of Montana about a breach of patients’ names and medical information. According to the November 29, 2024, notice, an unauthorized third party accessed an employee’s email account. The email account breach was detected on May 3, 2024, when suspicious activity was identified related to a SIM swap attack, in which a cybercriminal is able to take control of the victim’s phone number.
The account review confirmed on July 10, 2024, that personal information had potentially been compromised, and the review of emails in the account was completed on November 5, 2024. Notification letters are now being sent to the affected individuals. The breach is not yet listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.


