Northeast Rehab Network reports “information security incident”

SALEM, NH – An information security “incident” at the Northeast Rehabilitation Hospital Network may have affected current or former patients of the network, which includes four hospitals and more than two dozen outpatient facilities.

The company has no evidence that patient data has been used for identity theft or fraud, it said in a press release Friday, but added that it will “provide information about the incident, the steps taken since the incident was discovered, and the resources available to individuals to protect their data from potential misuse should they feel it appropriate.”

The company first announced in May that patient data may have been improperly accessed and informed patients by mail. Last week’s announcement provided further details on the ongoing investigation.

The press release did not specify how many patients could be potential victims. The investigation found that the breach potentially included access to names, contact information, social security numbers, patient identification numbers, medical record numbers, medical information, treatment information, diagnosis information, health insurance information, driver’s license/stated identification numbers, bank account information, and dates of birth.

Headquartered at its main hospital in Salem, the Northeast Rehabilitation Hospital Network also has acute rehabilitation clinics in Nashua, Manchester and Portsmouth, as well as 25 outpatient centers, a sports medicine department and a pediatric outpatient department. The network employs more than 1,000 people and treats thousands of patients annually, both inpatients and outpatients.

On or about May 22, NRHN became aware of suspicious activity affecting certain systems on its network. The company “immediately launched an investigation to confirm the full nature and extent of the activity.” It found that there was unauthorized access to NRHN’s network between May 13 and May 22. “Certain files and folders on the network were or may have been unauthorizedly accessed,” the company said.

The company said it will provide affected individuals with further information by letter and that the information will also be available on the company’s website.

“NRHN takes this incident and the security of the information entrusted to it very seriously,” the press release states. “Upon learning of the incident, NRHN immediately initiated an investigation to determine the nature and scope of the incident. This investigation and response included confirming the security of our systems, reviewing the content of relevant data for confidential information, and identifying the information that may have been affected. NRHN also notified federal law enforcement. As part of NRHN’s ongoing commitment to protecting the information entrusted to it, NRHN is reviewing its policies, procedures and processes to reduce the likelihood of a similar incident in the future. NRHN will also notify appropriate regulatory authorities as necessary.”

Current or former NRHN patients who believe they may be affected or have questions may email [email protected] or write to NRHN, 70 Butler St., Salem, NH 03079.

NRHN also recommends that patients review their bank statements and check their credit reports for suspicious activity. Consumers can access their credit reports weekly from the three credit reporting agencies at annualcreditreport.com or by calling 1-877-322-8228. The credit reporting agencies have more information on what to do if fraud is found on a credit report.