Menu
Browse

Woodruff Institute

Aliases: 2 aliases
Primary URL Location Industry
www[.]woodruffinstitute[.]com
Country United States of America
Healthcare Icon
Healthcare
Profile

The Woodruff Institute, also known as the Dermatology and Plastic Surgery Center, is a medical practice based in Florida that provides both dermatology and plastic surgery services to its patients. It offers medical dermatology care that includes the diagnosis and treatment of skin conditions, performance of skin biopsies, and management of chronic dermatologic diseases. In addition, the practice performs a range of cosmetic and reconstructive plastic surgery procedures such as facelifts, rhinoplasty, breast augmentation, liposuction, and scar revision. Patients receive comprehensive consultations, preoperative planning, and postoperative follow‑up care as part of the clinical workflow. The organization also handles administrative tasks like verifying insurance coverage, submitting Medicare claims, and processing payments for services rendered. During the payment process, it collects and stores patient credit card information to facilitate transactions. These activities require the practice to maintain electronic health records and financial systems that store personal, medical, and payment data.

The combination of clinical and administrative functions makes the Woodruff Institute a distinctive entity within the healthcare sector, as it integrates dermatologic medical care with aesthetic surgical services under one organization. Because it maintains patient records that contain insurance details, Medicare numbers, and laboratory test information, the practice is subject to federal privacy regulations such as HIPAA, which mandate safeguards for protected health information. The incident reported in June 2021 revealed that the practice also retained employee incentive compensation data, profit and loss statements, PPP loan documentation, and partial financial records including truncated bank account numbers and Social Security numbers. Furthermore, some financial agreements associated with patient payment forms exposed full credit card numbers, indicating that the practice processes payment card data in addition to health information. The ransomware group Grief justified the attack by asserting that plastic surgery represents a lucrative market separate from general healthcare, highlighting the perceived financial value of the data held by such specialty practices. This event underscored the organization’s responsibility to protect both personal health information and financial data entrusted by patients and staff.

Incidents
Linked incidents available to members
1 incident