Ernest Health rehabilitation hospitals report data breach

Ernest Health is reporting a data breach that affected its IT network as well as the networks of its hospitals between January 16, 2024, and February 4, 2024.

After detecting unusual activity within their computer network on February 1, 2024, Ernest Health secured its systems and initiated an investigation with the assistance of third-party data security specialists. Law enforcement was also notified of the incident.

The hospitals under Ernest Health that filed notices of the data breach include:

• Advanced Care Hospital of Southern New Mexico,
• Denver Regional Rehabilitation Hospital,
• Greenwood Regional Rehabilitation Hospital,
• Lafayette Regional Rehabilitation Hospital,
• Mountain Valley Regional Rehabilitation Hospital,
• Northern Colorado Rehabilitation Hospital,
• Northern Idaho Rehabilitation Hospital,
• Northern Utah Rehabilitation Hospital,
• Rehabilitation Hospital of Southern New Mexico,
• Rehabilitation Hospital of the Northwest,
• Summa Rehabilitation Hospital,
• Trustpoint Rehabilitation Hospital of Lubbock.

The breach led to the unauthorized access of sensitive patient information, including:

• names,
• Social Security numbers,
• driver's license numbers,
• addresses,
• dates of birth,
• medical record numbers,
• health insurance plan member IDs,
• claims data,
• diagnoses,
• prescription information.

The nature of the breach and the number of affected individuals is not disclosed.

Ernest Health began dispatching notification letters to all affected individuals on March 30, 2024, to alert them of the breach and the information compromised.