Back to Blog
high severity May 29, 2026 · scope unconfirmed

Restorative Therapies, Inc. Listed by AiLock Ransomware Group

Restorative Therapies was established in 2004 as a partnership between researchers, engineers, and patient advocates to develop and promote Advanced Rehabilitation Technologies (ART).

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed May 29, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On May 29, 2026, Restorative Therapies, Inc. appeared on the leak site of the AiLock ransomware group after the company’s internal files were exfiltrated during a ransomware attack. The Maryland-based provider of advanced rehabilitation technologies, founded in 2004, serves patients, clinics, and research partners; anyone whose personal or medical records passed through its systems may now be at risk.

Confirmed Facts from Reporting

Public reporting indicates that AiLock claims to have stolen internal documents from Restorative Therapies. No exact victim count has been released, and the precise volume or sensitivity of the files remains unclear. The listing appeared on the group’s leak site on May 29, 2026, following the typical ransomware pattern of initial encryption, data exfiltration, and subsequent public shaming when demands go unmet.

Available details describe the exposed material as “internal files.” In similar incidents, such data has included patient intake forms, insurance details, clinical notes, employee records, and vendor contracts. Restorative Therapies has not yet issued a public confirmation or denial of the breach.

Why This Matters for You and Your Family

When a healthcare-adjacent organization loses control of records, the fallout reaches ordinary families. Your name, date of birth, address, phone number, insurance information, or treatment history may have been stored in the affected systems. Once that information reaches criminal marketplaces, it can be used for identity theft, fraudulent medical claims, or targeted phishing that feels personal because the attackers already know details about your health or your children’s care.

Medical data sells for significantly more than basic credentials. A single leaked patient file can fuel years of fraud. Even if you were never a direct patient, contractors, employees, or family members whose information touched Restorative Therapies’ network are also exposed.

The Doxxing and Identity-Chain Risks

Stolen internal files rarely stay isolated. Attackers map email addresses to usernames, link phone numbers to family members, and connect work details to home addresses. These identity chains allow them to move from one account to the next. A password found in the leak can unlock your email, which then reveals your children’s gaming accounts or school portals. What begins as a corporate ransomware incident can cascade into personal doxxing, swatting, or sustained harassment.

Credential leaks like this one frequently lead to account takeovers precisely because the same passwords and security questions are reused across work, personal, and family gaming profiles. Children’s accounts are especially vulnerable because parents often rely on familiar passwords or recovery emails that appear in the breached dataset.

AiLock’s Publicly Known Track Record

Public reporting attributes AiLock’s emergence to late 2024. The group has targeted healthcare providers, manufacturers, and mid-sized service companies. Its playbook follows a now-familiar routine: gain initial access, exfiltrate data before encryption, demand payment, then publish samples or full datasets on its leak site when victims refuse to pay. Notable prior victims include other healthcare and technology organizations, though exact details remain limited in open sources.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what chains back to the Restorative Therapies breach.
  • Rotate any password you used at Restorative Therapies or any related vendor account, then enable 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure is caught in hours instead of months.
  • Cover the household with DoxxScan family protection that includes dependents and your children’s gaming accounts, which often become the next link in doxxing chains after credential leaks.
  • Let remediation specialists handle data-broker takedown requests and follow-up monitoring while you focus on securing your own accounts.

The Restorative Therapies incident is a reminder that healthcare-adjacent data breaches now feed directly into personal targeting chains that can affect any family member. Acting quickly limits how far attackers can travel along those chains. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that explicitly protects children’s gaming accounts. Starting your DoxxScan trial gives you both immediate visibility into your exposure and expert help cleaning up the aftermath.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.