The Rehabilitation Hospital of the Northwest fell victim to a cyberattack between January 16 and February 4, 2024, where unauthorized actors gained access to its IT network. The breach compromised sensitive personal and medical data of 728 residents, including names, Social Security numbers, driver’s license numbers, health insurance details, and medical records. The incident was reported by the Washington State Office of the Attorney General on April 1, 2024, highlighting the severity of the exposure. Such data particularly Social Security numbers and medical records poses significant risks, including identity theft, financial fraud, and long-term reputational harm to both the hospital and affected individuals. The breach underscores vulnerabilities in healthcare cybersecurity, where protected health information (PHI) is a prime target for cybercriminals. The hospital may face regulatory penalties (e.g., HIPAA violations), lawsuits, and erosion of patient trust, further exacerbating operational and financial strain.
TPRM report: https://www.rankiteo.com/company/northwesthospital
"id": "nor527082925",
"linkid": "northwesthospital",
"type": "Cyber Attack",
"date": "1/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': '728',
'industry': 'Healthcare',
'location': 'Washington State, USA',
'name': 'Rehabilitation Hospital of the Northwest',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Likely (data accessed and potentially '
'exfiltrated)',
'number_of_records_exposed': '728',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
"driver's license "
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-02-04',
'date_publicly_disclosed': '2024-04-01',
'description': 'The Washington State Office of the Attorney General reported '
'that the Rehabilitation Hospital of the Northwest experienced '
'a cyberattack involving unauthorized access to its IT network '
'from January 16 to February 4, 2024, affecting 728 residents. '
'The breached information includes names, Social Security '
"numbers, driver's license numbers, health insurance "
'information, and medical data.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
"driver's license numbers",
'health insurance information',
'medical data'],
'identity_theft_risk': 'High (PII and medical data exposed)',
'systems_affected': ['IT network']},
'initial_access_broker': {'reconnaissance_period': 'January 16, 2024 to '
'February 4, 2024'},
'investigation_status': 'Reported (ongoing or completed not specified)',
'references': [{'date_accessed': '2024-04-01',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)'],
'regulatory_notifications': ['Washington State '
'Office of the '
'Attorney General']},
'title': 'Cyberattack on Rehabilitation Hospital of the Northwest',
'type': 'Cyberattack (Unauthorized Access)'}