Ernest Health Data Breach Exposes 95k Patients Across 13 States To Identity Theft. Featured
A lawsuit claims Ernest Health’s failure to comply with industry standard network security allowed hackers to steal identities of patients across its network.
A class action lawsuit was recently filed against Ernest Health, the operator of thirty-six rehabilitation and long-term acute care hospitals in thirteen states, after it began notifying patients about a recent data breach involving their personal and protected health information.
What Happened?
According to the Attorney General of Massachusetts, Ernest Health was alerted to unauthorized activity in its computer systems on February 1, 2024. Ernest immediately took steps to secure its network and launched an investigation. The forensic investigation confirmed there had been unauthorized access to systems containing patient data between January 16, 2024, and February 4, 2024.
The lawsuit alleges Ernest Health was negligent by failing to adequately secure its network according to federally regulated HIPAA standards.
What Information Was Stolen?
According to HIPAA Journal, the files obtained from the cyberattack contained personal and patient information. For the majority of the affected individuals, the compromised data include –
- names,
- addresses,
- dates of birth,
- medical record numbers,
- health insurance plan member IDs,
- claims data,
- diagnosis,
- prescription information,
- Social Security numbers
- driver’s license numbers.
The data breach affected patients at 35 hospitals across the 13 states it operates including –
| Affected Ernest Health Hospital | State | Individuals Affected |
| Advanced Care Hospital of Southern New Mexico | NM | 1162 |
| Bakersfield Rehabilitation Hospital | CA | 852 |
| Bloomington Regional Rehabilitation Hospital | IN | 1191 |
| Corpus Christi Rehabilitation Hospital | TX | 3581 |
| Denver Regional Rehabilitation Hospital | CO | 848 |
| Elkhorn Valley Rehabilitation Hospital | WY | 3636 |
| Greenwood Regional Rehabilitation Hospital | SC | 5823 |
| Lafayette Regional Rehabilitation Hospital | IN | 2861 |
| Laredo Rehabilitation Hospital | TX | 1785 |
| Laredo Specialty Hospital | TX | 1242 |
| Mesquite Rehabilitation Institute | TX | 3317 |
| Mesquite Specialty Hospital | TX | 1244 |
| Midlands Regional Rehabilitation Hospital | SC | 2018 |
| Mountain Valley Regional Rehabilitation Hospital | AZ | 5963 |
| New Braunfels Regional Rehabilitation Hospital | TX | 5384 |
| Northern Colorado Rehabilitation Hospital | CO | 885 |
| Northern Idaho Advanced Care Hospital | ID | 5606 |
| Northern Utah Rehabilitation Hospital | UT | 3477 |
| Rehabilitation Hospital of Northern Arizona | AZ | 3287 |
| Rehabilitation Hospital of Northern Indiana | IN | 1643 |
| Rehabilitation Hospital of Northwest Ohio | OH | 3671 |
| Rehabilitation Hospital of Southern California | CA | 925 |
| Rehabilitation Hospital of Southern New Mexico | NM | 5466 |
| Rehabilitation Hospital of the Northwest | ID | 3821 |
| South Texas Rehabilitation Hospital | TX | 4130 |
| Spartanburg Rehabilitation Institute | SC | 4506 |
| Summa Rehabilitation Hospital | OH | 2986 |
| Trustpoint Rehabilitation Hospital of Lubbock | TX | 9014 |
| Utah Valley Rehabilitation Hospital | UT | 1642 |
| Weslaco Regional Rehabilitation Hospital | TX | 2781 |
Ernest Health began sending Notification Letters to patients affected by the breach on March 29, 2024.
What is Ernest Health Doing To Protect My Identity?
Ernest Health announced that it has taken steps to increase network security but did not elaborate if it had taken sufficient steps to comply with HIPAA industry standards. The Company also announced that it is providing complimentary credit monitoring and identity theft protection services for two years.
If you received a data breach notification from Ernest Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.
Protect Your Identity. Join the Ernest Health Data Breach Class Action.
If you received a Data Breach Notice from Ernest Health, you could now be at risk of identity theft and the devastating financial and legal consequences that go along with it.
You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.
The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by Ernest Health on March 29, 2024.
Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you and no obligation on your part.