Ernest Health Data Breach Exposes 95k Patients Across 13 States To Identity Theft. Featured


A lawsuit claims Ernest Health’s failure to comply with industry standard network security allowed hackers to steal identities of patients across its network.

A class action lawsuit was recently filed against Ernest Health, the operator of thirty-six rehabilitation and long-term acute care hospitals in thirteen states, after it began notifying patients about a recent data breach involving their personal and protected health information.

What Happened?

According to the Attorney General of Massachusetts, Ernest Health was alerted to unauthorized activity in its computer systems on February 1, 2024. Ernest immediately took steps to secure its network and launched an investigation. The forensic investigation confirmed there had been unauthorized access to systems containing patient data between January 16, 2024, and February 4, 2024.

The lawsuit alleges Ernest Health was negligent by failing to adequately secure its network according to federally regulated HIPAA standards.

What Information Was Stolen?

According to HIPAA Journal, the files obtained from the cyberattack contained personal and patient information. For the majority of the affected individuals, the compromised data include –

  • names,
  • addresses,
  • dates of birth,
  • medical record numbers,
  • health insurance plan member IDs,
  • claims data,
  • diagnosis,
  • prescription information,
  • Social Security numbers
  • driver’s license numbers.

The data breach affected patients at 35 hospitals across the 13 states it operates including –

Affected Ernest Health HospitalStateIndividuals Affected
Advanced Care Hospital of Southern New MexicoNM1162
Bakersfield Rehabilitation HospitalCA852
Bloomington Regional Rehabilitation HospitalIN1191
Corpus Christi Rehabilitation HospitalTX3581
Denver Regional Rehabilitation HospitalCO848
Elkhorn Valley Rehabilitation HospitalWY3636
Greenwood Regional Rehabilitation HospitalSC5823
Lafayette Regional Rehabilitation HospitalIN2861
Laredo Rehabilitation HospitalTX1785
Laredo Specialty HospitalTX1242
Mesquite Rehabilitation InstituteTX3317
Mesquite Specialty HospitalTX1244
Midlands Regional Rehabilitation HospitalSC2018
Mountain Valley Regional Rehabilitation HospitalAZ5963
New Braunfels Regional Rehabilitation HospitalTX5384
Northern Colorado Rehabilitation HospitalCO885
Northern Idaho Advanced Care HospitalID5606
Northern Utah Rehabilitation HospitalUT3477
Rehabilitation Hospital of Northern ArizonaAZ3287
Rehabilitation Hospital of Northern IndianaIN1643
Rehabilitation Hospital of Northwest OhioOH3671
Rehabilitation Hospital of Southern CaliforniaCA925
Rehabilitation Hospital of Southern New MexicoNM5466
Rehabilitation Hospital of the NorthwestID3821
South Texas Rehabilitation HospitalTX4130
Spartanburg Rehabilitation InstituteSC4506
Summa Rehabilitation HospitalOH2986
Trustpoint Rehabilitation Hospital of LubbockTX9014
Utah Valley Rehabilitation HospitalUT1642
Weslaco Regional Rehabilitation HospitalTX2781

Ernest Health began sending Notification Letters to patients affected by the breach on March 29, 2024.

What is Ernest Health Doing To Protect My Identity?

Ernest Health announced that it has taken steps to increase network security but did not elaborate if it had taken sufficient steps to comply with HIPAA industry standards. The Company also announced that it is providing complimentary credit monitoring and identity theft protection services for two years.

If you received a data breach notification from Ernest Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

Protect Your Identity. Join the Ernest Health Data Breach Class Action.

If you received a Data Breach Notice from Ernest Health, you could now be at risk of identity theft and the devastating financial and legal consequences that go along with it.

You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by Ernest Health on March 29, 2024.

Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you and no obligation on your part.


Leave a Reply

Your email address will not be published. Required fields are marked *