Substitute Notice – Privacy Incident

Westwind Recovery®  |  Los Angeles, California

Notice to affected individuals.  This notice is posted on behalf of Westwind Recovery® for individuals who did not receive the mailed notification letter. If you believe you may be an affected patient, please read this notice in full and contact us using the information at the bottom of this page.

RE: Important Notice Regarding the Privacy of Your Health Information

We are providing this notice to inform you of an incident that may have affected the privacy of your personal health information. In early March 2026, Pacific Recovery Solutions, doing business as Westwind Recovery® (a subsidiary of Elysian Health LLC), discovered that a staff member’s work email account had been compromised by a phishing attack — a type of email fraud designed to deceive users into clicking a malicious link.

What Happened

As a result of this attack, between March 2, 2026 and March 10, 2026, emails sent by the affected staff member automatically had a redirect applied — meaning that anyone who replied to those emails had their reply automatically forwarded to an unauthorized external email address controlled by the attacker. The affected staff member’s account handled communications related to patient admissions, treatment coordination, and discharge planning. We discovered and corrected this redirect on March 10, 2026. 

Date of Breach

The breach occurred between March 2, 2026 and March 10, 2026. The unauthorized email redirect was discovered and corrected on March 10, 2026. 

Whether Notification Was Delayed Due to Law Enforcement

Notification of this incident was not delayed as a result of any law enforcement investigation. 

What Information Was Involved

The communications that may have been affected could include some or all of the following types of personal and health information:

  • Your name
  • Contact information (phone number, address)
  • Dates of admission, discharge, or treatment
  • Treatment program information (type of program, location)
  • Clinical information (diagnoses, treatment plan details, continuing care arrangements)
  • Health insurance or billing information

Because Westwind Recovery® is a Mental Health Treatment Center, some of the affected information may constitute federally protected SUD patient records under 42 C.F.R. Part 2. These records carry heightened confidentiality protections under federal law, including restrictions on the use of such information in any civil, criminal, administrative, or legislative proceedings against you without your written consent or a court order. 

We want to be clear: the staff member’s email account was not used to send patient information externally — the concern is that replies to emails sent by that staff member during this window may have been redirected to the attacker. Not every patient was necessarily affected. We are providing this notice out of an abundance of caution because your information may have been present in communications during this period.

What We Are Doing

We take the privacy and confidentiality of your health information extremely seriously, and we deeply regret that this incident occurred. Since discovering the redirect on March 10, 2026, we have taken the following steps:

  • Immediately corrected the unauthorized email redirect setting and secured the affected account
  • Implemented multi-factor authentication (MFA) across all staff email accounts to prevent this type of attack from occurring again
  • Engaged a privacy and cybersecurity compliance consultant to conduct a full investigation and assess our compliance obligations
  • Directed our IT provider to conduct a comprehensive forensic review of all affected accounts and implement additional security controls
  • Reviewed our email security practices and are implementing encrypted email for communications involving patient information
  • Notified the U.S. Department of Health and Human Services (HHS) as required by law

We are also working with our IT provider to implement additional technical safeguards including automated monitoring for unauthorized email routing rules, stronger controls on external email forwarding, and enhanced security training for all staff members. 

What You Can Do

While we have no evidence that your information has been misused, we recommend the following precautionary steps:

  • Monitor your Explanation of Benefits (EOB) statements and any healthcare bills you receive. If you see charges for services you did not receive, contact your insurance company or benefits administrator immediately.
  • Review your credit reports for any unusual activity. You are entitled to one free credit report per year from each of the three major credit bureaus at AnnualCreditReport.com or by calling 1-877-322-8228.
  • Consider placing a fraud alert on your credit file by contacting one of the three major credit bureaus listed below. A fraud alert is free and requires businesses to verify your identity before extending new credit.
  • If you believe your information is being misused, you may file a complaint with the Federal Trade Commission (FTC) at IdentityTheft.gov or 1-877-438-4338.

Complimentary Identity Theft Prevention and Mitigation Services

Because Westwind Recovery® was the source of this breach, we are offering complimentary identity monitoring and protection services for a period of twelve (12) months through Equifax. These services include credit monitoring, identity theft insurance, and identity restoration assistance.

How to enroll if you did not receive a mailed letter.  To receive your individual Equifax activation code and enrollment instructions, please contact us directly by phone at (833) 350-5835 or by email at privacy@westwindrecovery.com. A Westwind Recovery® representative will verify your identity and provide your code at no charge.

If you believe you are a victim of identity theft or that your information has been misused, we will assist you with identity restoration services at no cost to you.

Credit Reporting Agency Contact Information

You may contact any of the three major credit reporting agencies to place a fraud alert, request a credit freeze, or obtain a free copy of your credit report:

Equifax Experian TransUnion
1-800-685-1111

P.O. Box 740241

Atlanta, GA 30374

equifax.com

 1-888-397-3742

P.O. Box 9554

Allen, TX 75013

experian.com

 1-800-888-4213

P.O. Box 1000

Chester, PA 19016

transunion.com

For More Information

If you have questions about this notice or would like more information about the incident, please contact us:

Reporting Entity Pacific Recovery Solutions dba Westwind Recovery®, a subsidiary of Elysian Health LLC
Dedicated Response Line (833) 350-5835
Email privacy@westwindrecovery.com
Mailing Address Westwind Recovery® c/o Elysian Health LLC 7966 Beverly Blvd, Suite 200 Los Angeles, California 90048 Attn: Privacy Officer
Hours Monday – Friday, 9:00 AM – 5:00 PM Pacific

You may also contact the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) at hhs.gov/ocr or 1-800-368-1019 if you believe your health information privacy rights have been violated under HIPAA or the federal Confidentiality of Substance Use Disorder Patient Records regulations (42 C.F.R. Part 2). You have the right to file a complaint directly with the HHS Secretary or with Westwind Recovery®. You will not be retaliated against for filing a complaint. 

We sincerely apologize for this incident and any concern or inconvenience it may cause you. We are committed to protecting the privacy of your health information and have taken — and continue to take — meaningful steps to prevent this from happening again. Your trust is important to us. 

Sincerely, 

Justin White
Chief Executive Officer
Westwind Recovery®

Posted: 5/13/26  |  This notice will remain posted for a minimum of 90 days from the date above.