Northeast Rehabilitation Hospital Network

On January 6, 2025, the Vermont Office of the Attorney General disclosed a data breach affecting Northeast Rehabilitation Hospital Network (NRHN), occurring between May 13–22, 2024. An unauthorized individual gained access to NRHN’s systems, compromising personal information, including names, of approximately 40 Rhode Island residents. While the full scope of exposed data remains undisclosed, the incident highlights vulnerabilities in NRHN’s cybersecurity defenses, particularly concerning patient and resident confidentiality.The breach underscores risks associated with third-party or insider threats, though the exact method of infiltration (e.g., phishing, exploited vulnerability) was not specified. As a healthcare provider, NRHN handles sensitive patient data, making such breaches particularly critical due to regulatory obligations (e.g., HIPAA) and potential reputational damage. The limited public details suggest the attack did not involve ransomware or large-scale financial fraud, but the exposure of personal identifiers could enable identity theft or targeted scams.NRHN likely faced operational disruptions during the investigation, including forensic analysis, notification protocols, and potential regulatory scrutiny. The incident serves as a reminder of the growing targeting of healthcare institutions by cybercriminals, driven by the high value of medical records on underground markets.

Source: https://ago.vermont.gov/document/2025-01-06-northeast-rehabilitation-hospital-network-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/northeast-rehabilitation-hospital-network

"id": "nor546091725",
"linkid": "northeast-rehabilitation-hospital-network",
"type": "Breach",
"date": "5/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '40 (Rhode Island residents)',
                        'industry': 'Healthcare',
                        'location': ['Vermont',
                                     'Rhode Island (impacted residents)'],
                        'name': 'Northeast Rehabilitation Hospital Network '
                                '(NRHN)',
                        'type': 'Healthcare Provider'}],
 'data_breach': {'number_of_records_exposed': '40 (Rhode Island residents)',
                 'personally_identifiable_information': 'Yes (names)',
                 'sensitivity_of_data': 'Moderate (PII)',
                 'type_of_data_compromised': ['Personal information (including '
                                              'names)']},
 'date_publicly_disclosed': '2025-01-06',
 'description': 'On January 6, 2025, the Vermont Office of the Attorney '
                'General reported a data breach incident involving Northeast '
                'Rehabilitation Hospital Network (NRHN). The breach occurred '
                'between May 13, 2024, and May 22, 2024, when an unauthorized '
                'individual accessed NRHN systems, potentially exposing '
                'personal information, including names. Approximately 40 Rhode '
                'Island residents may have been impacted by this incident.',
 'impact': {'data_compromised': ['Personal information (including names)'],
            'identity_theft_risk': 'Potential'},
 'references': [{'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'threat_actor': 'Unauthorized individual',
 'title': 'Data Breach at Northeast Rehabilitation Hospital Network (NRHN)',
 'type': 'Data Breach'}