SALEM, NH – An information security “incident” at Northeast Rehabilitation Hospital Network may have affected current or former patients in the network, which includes four hospitals and more than two-dozen outpatient facilities.
The company has no evidence that any patient information has been used to commit identity theft or fraud, it said in a Friday news release. But added that it is “providing information about the incident, steps taken since discovering the incident, and resources available to individuals to help protect their information from possible misuse, should they feel it is appropriate to do so.”
The company first announced in May that patient information may have been improperly accessed, and informed patients by mail. Last week’s announcement offered more details into the ongoing investigation.
The release did not say how many patients may be potential victims. The investigation found that the breach may include access to names, contact information, Social Security numbers, patient identification numbers, medical record numbers, medical information, treatment information, diagnosis information, health insurance information, driver’s license/stated identification numbers, financial account information, and dates of birth.
Northeast Rehabilitation Hospital Network is headquartered at its flagship hospital in Salem, and also has acute rehabilitation hospitals n Nashua, Manchester, and Portsmouth, as well as 25 outpatient centers, a sports medicine division and an outpatient pediatric division. The network employs more than 1,000 people and has thousands of patients a year, both for in-patient and out-patient services.
On or around May 22, NRHN became aware of suspicious activity affecting certain systems within its network. The company “immediately launched an investigation to confirm the full nature and scope of the activity,” which found there was unauthorized access to NRHN’s network between May 13 and May 22. “Certain files and folders within the network were or may have been taken without authorization,” according to the company.
The company said it will notify affected individuals by letter with more information and will also have information on the company website.
“NRHN takes this incident and the security of information in their care very seriously,” the release said. “Upon becoming aware of this incident, NRHN promptly commenced an investigation to confirm the nature and scope of this incident. This investigation and response included confirming the security of our systems, reviewing the contents of relevant data for sensitive information, and investigating to determine the information that may be involved. NRHN also notified federal law enforcement. As part of NRHN’s ongoing commitment to the privacy of information in their care, NRHN is reviewing its policies, procedures and processes to reduce the likelihood of a similar future event. NRHN will also notify applicable regulatory authorities where necessary.”
Current or former NRHN patients who believe they may have been affected, or have questions, may email NRHNCyberInfo@Northeastrehab.com or write to NRHN, 70 Butler St., Salem, NH 03079.
NRHN is also encouraging patients to review their account statements, as well as check their credit reports for suspicious activity. Consumers can access their credit reports from the three credit reporting bureaus weekly, for from, at annualcreditreport.com or by calling 1-877-322-8228. The credit bureaus have further information on what to do if fraud is detected on a credit report.