Northeast Rehabilitation Hospital Data Breach Exposes PHI of Patients

Northeast Rehabilitation Hospital Network (NRHN) recently experienced a data breach that exposed sensitive patient information. The breach was disclosed to the Massachusetts Attorney General's office on January 6, 2025, and it was reported that 22,514 individuals in Massachusetts were affected.

The breach occurred when an unauthorized party gained access to patient pre-registration information. This information was later returned to one of NRHN’s outpatient clinics, and the probability of further disclosure or misuse of the data is considered low. However, the compromised data included highly sensitive personal and medical details, making this a significant breach.

Information exposed

The following types of information were exposed in the breach:

• Name
• Address
• Date of birth
• Referring physician
• Diagnosis
• Insurance information
• Hospital account number
• Medical record number
• Massachusetts Health ID number
• Location of the clinic where treatment occurred

Northeast Rehabilitation Hospital Network's response

In response to the breach, NRHN has taken steps to address the situation and prevent similar incidents in the future. They have reminded employees of their responsibilities in protecting patient information and are actively reviewing and updating their privacy and data security policies. These measures aim to ensure that sensitive patient data is handled with the utmost care moving forward.

Additionally, NRHN has provided affected individuals with information on how to protect themselves from potential identity theft and fraud. The organization has also offered guidance on placing security freezes on credit reports, which can help prevent unauthorized access to financial information.

Affected by the data breach?

If you believe your information was exposed in this data breach, it is important to take immediate action to protect yourself. Here are some steps you can take:

1. Monitor your accounts: Keep a close eye on your bank accounts, credit card statements, and insurance claims for any unauthorized activity.
2. Place a security freeze on your credit reports: A security freeze can prevent credit reporting agencies from releasing your credit report without your authorization. To do this, contact the three major credit reporting agencies:
3. Request a copy of your credit report: Regularly check your credit report for any unfamiliar accounts or inquiries.
4. File a police report if necessary: If you suspect that your identity has been stolen, file a report with your local law enforcement agency.
5. Contact NRHN for assistance: If you have any questions or concerns, you can reach NRHN’s Privacy Officer, Maura Gallant, at (603) 681-3045.
6. Stay informed: Follow updates from NRHN and the relevant attorney general’s offices to stay informed about any new developments related to this breach.

Taking these steps can help mitigate the potential risks associated with the breach and protect your personal and financial information.

For more details, you can access the Massachusetts Attorney General's disclosure or the Vermont Attorney General's website.