A Leidos QTC Health subsidiary is notifying individuals after suspicious activity was detected in its email environment.
Leidos QTC Health Commercial Services, operating as First Rehabilitation Resources, disclosed that suspicious activity was identified within its email system in August 2025. According to a filing submitted to the Massachusetts Attorney General on December 30, 2025, the incident led to potential exposure of both personally identifiable information and protected health information. The company shut down the affected email system, migrated users to a new platform, and confirmed that names, dates of birth, Social Security numbers, government identification numbers, and medical or insurance information may have been accessed.
Email systems remain a frequent entry point for unauthorized access because they contain administrative records, attachments, and internal communications that are difficult to inventory quickly. In this case, First Rehabilitation Resources moved to contain the incident by disabling the compromised environment and engaging external cybersecurity specialists. The combination of identity data and health-related information increased the regulatory response requirements, as both privacy and identity misuse risks had to be assessed. The organization reported that containment steps were taken to ensure the unauthorized party no longer had access to internal systems.
Rehabilitation providers have experienced a string of email and ransomware incidents recently. In December 2025, Oxford Rehabilitation Center reported unauthorized access to patient records affecting an undisclosed number of individuals, with the ransomware group Qilin later claiming responsibility. Earlier in 2025, Harbor Regional Center disclosed that an employee email account was compromised, exposing personal and medical data for individuals with developmental disabilities, while Mid South Rehab Services Inc. reported that two employee email accounts were accessed, affecting an unspecified number of patients. At a larger scale, a September 2024 ransomware attack at American Addiction Centers exposed the protected health information of 410,747 current and former patients, proving how both email compromise and ransomware remain persistent risks across the rehabilitation sector.
According to Paubox reports, email remains the primary pathway for healthcare breaches. Of the 104 email-related incidents reported to HHS in 2025 at the time of the analysis, 81% were categorized as hacking or IT incidents. While credential compromise and phishing remain the most common techniques, post-incident reviews show that attackers often exploit everyday gaps such as unmonitored inbox rules, weak display name protections, or mismanaged email configurations rather than advanced malware.
Paubox notes that these patterns contribute to growing strain on IT and security teams, who are left responding after accounts are compromised instead of preventing access in the first place. Tools like Paubox Email Suite Plus are designed to address these common failure points by automatically blocking suspicious emails and display name spoofing, reducing reliance on user judgment and ongoing IT intervention.
Email accounts store unstructured data, attachments, and internal communications, which can expose large volumes of sensitive information if accessed.
Yes. Social Security numbers can be used for identity theft, credit fraud, and account takeover if obtained by unauthorized parties.
They can enforce strong authentication, restrict external forwarding, apply access monitoring, and reduce reliance on email for transmitting sensitive information.