March 26, 2025

Notice of Data Security Incident

Restorix Health, Inc. (“Restorix”) is committed to protecting the privacy and security of the personal information we maintain. Restorix is a healthcare services company that provides wound care management services to hospitals. We are making individuals aware of an incident that may affect the privacy of certain individuals’ information. We are providing notice of the incident so that potentially affected individuals may take steps to protect their information, should they feel it appropriate to do so.

What Happened? On or around May 30, 2024, Restorix learned that an unauthorized actor obtained access to a Restorix employee’s email account.

Upon learning of this issue, we secured the account and commenced a prompt and thorough investigation in consultation with external cybersecurity professionals who regularly investigate and analyze these types of incidents. After an extensive investigation and manual document review, we discovered on November 27, 2024 that some personal and/or protected health information of individuals affiliated with our healthcare partners was contained in the account that was accessed between May 7, 2024 and May 29, 2024. Restorix advised our healthcare partners of this incident on December 18, 2024.

What Information Was Involved? The information involved varied by individual, including first and last name and one or more of the following: date of birth, driver’s license number, government identification number, passport number, Social Security number, patient ID number, medical information, prescription information, dates of service, condition, treatment, or diagnosis, certificate and/or license number, and/or health insurance information.

What We Are Doing. The security and privacy of the information contained within our systems is a top priority for us. In response to this incident, we took immediate steps to secure our systems and engaged third-party forensic experts to assist in the investigation. Further, we are implementing additional cybersecurity safeguards, as needed, enhancing our employee cybersecurity training, and improving our cybersecurity policies, procedures, and protocols to help minimize the likelihood of this type of incident occurring again.

How Will Individuals Know If They Are Affected By This Incident? Restorix is providing notice to individuals whose information was determined to be contained in the impacted email account to the extent we have valid mailing addresses, commencing on February 14, 2025. If an individual does not receive a letter but would like to know if they are potentially affected, they may call 1-833-799-4480.

For More Information. For individuals seeking more information or who have questions, please call 1-833-799-4480. The response line is staffed with professionals familiar with this incident and knowledgeable about what you can do to protect against misuse of your information. The response line is available Monday through Friday, 9:00AM to 9:00PM Eastern time.

What You Can Do. We encourage individuals to remain vigilant against incidents of identity theft and fraud by reviewing your account statements, explanation of benefits forms, and monitoring your free credit reports for suspicious activity and to detect errors. Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report, place a fraud alert, or a security freeze. Contact information for the credit bureaus is below:

Placing a Fraud Alert on Your Credit File.

You may place an initial one-year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.

Consider Placing a Security Freeze on Your Credit File.

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside.

If you do place a security freeze prior to enrolling in any credit monitoring service, you will need to remove the freeze in order to sign up for the credit monitoring service. After you sign up for the credit monitoring service, you may refreeze your credit file.

Additional Information

You may further educate yourself regarding identity theft, fraud alerts, credit freezes, and the steps you can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.

Protecting Your Medical Information.

The following practices can provide additional safeguards to protect against medical identity theft.

• Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.
• Review your “explanation of benefits statement” which you receive from your health insurance company. Follow up with your insurance company or care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential access (noted above) to current date.
• Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or the care provider for any items you do not recognize.

Iowa Residents: You may contact law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity Theft: Office of the Attorney General of Iowa, Consumer Protection Division, Hoover State Office Building, 1305 East Walnut Street, Des Moines, IA 50319, www.iowaattorneygeneral.gov, Telephone: 515-281-5164.

Maryland Residents: You may obtain information about avoiding identity theft from the Maryland Attorney General’s Office: Office of the Attorney General of Maryland, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, www.marylandattorneygeneral.gov, Telephone: 888-743-0023.

Massachusetts Residents: Under Massachusetts law, you have the right to obtain a police report in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

New York Residents: You may obtain information about preventing identity theft from the New York Attorney General’s Office: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; https://ag.ny.gov/consumer-frauds-bureau/identity-theft; Telephone: 800-771-7755.

North Carolina Residents: You may obtain information about preventing identity theft from the North Carolina Attorney General’s Office: Office of the Attorney General of North Carolina, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001, www.ncdoj.gov/, Telephone: 877-566-7226 (Toll-free within North Carolina), 919-716-6000.

Oregon Residents: You may obtain information about preventing identity theft from the Oregon Attorney General’s Office: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, www.doj.state.or.us/, Telephone: 877-877-9392.

Washington D.C. Residents: You may obtain information about preventing identity theft from the Office of the Attorney General for the District of Columbia, 400 6th Street NW, Washington D.C. 20001, https://oag.dc.gov/consumer-protection, Telephone: 202-442-9828.

Rhode Island Residents: Under Rhode Island law, individuals have the right to obtain any policy report filed in regard to this event. You may contact law enforcement, such as the Rhode Island Attorney General’s Office, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. You can contact the Rhode Island Attorney General at: Rhode Island Office of the Attorney General, 150 South Main Street, Providence, RI 02903, www.riag.ri.gov, (401) 274-4400. There was 1 Rhode Island resident that may be affected by this incident.

New Mexico Residents: You have rights under the federal Fair Credit Reporting Act (FCRA). These include, among others, the right to know what is in your file; to dispute incomplete or inaccurate information; and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For more information about the FCRA, please visit www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf or www.ftc.gov.

Further, pursuant to the Fair Credit Reporting Act, the consumer reporting bureaus must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to consumers’ files is limited; consumers must give consent for credit reports to be provided to employers; consumers may limit “prescreened” offers of credit and insurance based on information in their credit report; and consumers may seek damages from violators. Consumers may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active-duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage consumers to review their rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.

In Addition, New Mexico Consumers Have the Right to Obtain a Security Freeze or Submit a Declaration of Removal

As noted above, you may obtain a security freeze on your credit report to protect your privacy and ensure that credit is not granted in your name without your knowledge. You may submit a declaration of removal to remove information placed in your credit report as a result of being a victim of identity theft. You have a right to place a security freeze on your credit report or submit a declaration of removal pursuant to the Fair Credit Reporting and Identity Security Act.

This notice is being provided on behalf of the following covered entities:

Beacon Health System – Elkhart General Hospital

FOR IMMEDIATE RELEASE

HIPAA Media Notice

DUBLIN, OHIO March 24, 2025 – CPS Solutions, LLC (“CPS Solutions”), which helps support pharmacy operations of health care clients, is providing notice on behalf of Three Rivers Hospital of a cybersecurity incident that may have affected some individuals in the state of Michigan.

On December 4, 2024, the company became aware of unauthorized access by an unknown third party to one CPS Solutions employee’s business email account and immediately took appropriate steps to prevent further unauthorized access. The email account was secured that same day, and an investigation was launched to determine the potential scope and impact. The investigation indicated that data from the account was accessed and removed between December 2 to 4, 2024. On January 24, 2025, CPS Solutions completed a comprehensive review which identified all customers and individuals potentially affected by this incident and what information was involved. Based on the results of that review, the company formally notified the above provider of this incident on February 10, 2025.

The personal information involved may have included: full name, date of birth, health insurance information (such as member/group ID number or Medicaid/Medicare number), and/or medical information (such as medical record number, clinical information, provider information, diagnosis or treatment information, or prescription information such as medication name). Please note that not all data elements were involved for all individuals. Social Security Numbers, driver’s license numbers, credit and debit card information, bank account information, test results, images, hospital medical records and account passwords were NOT involved for these residents.

The company regrets this incident and any concern it may have caused anyone. Protecting individuals’ information is a key priority for the organization. As soon as the incident was discovered, the company took immediate action to mitigate and remediate the incident and to help prevent further unauthorized activity.  The company is not aware of any misuse of individuals’ information as a result of this incident to date.

The company is offering affected residents two (2) years of free credit monitoring and identity protection services and encourages them to check https://response.idx.us/cps-matter/ for more information.  The company also encourages individuals to carefully review statements sent from healthcare providers and insurance companies to ensure that all account activity is valid. Any questionable charges should be promptly reported to the provider or company with which the account is maintained. Additionally, a dedicated toll-free call center has been established to help answer individuals’ questions and can be reached at 1-877-332-4437 between 8:00 AM to 8:00 PM CT, Monday through Friday, except holidays.