Data Breach Hits Gateway Rehabilitation Center
Table of Contents
- By Steven
- Nov 24, 2022
Gateway Rehab is a rehabilitation center focused on helping those who struggle with addiction recover. It operates 10 different out- and in-patient rehab facilities throughout Pennsylvania. In June 2022, an unauthorized party accessed sensitive data within their system, which they just filed a notice on recently. The company is now in the process of notifying patients to let them know their information could be in the wrong hands.
How Did the Attack Occur?
The original data breach took place in June 2022, followed by an internal investigation that concluded in July 2022. What investigators found was an outsider accessed the company’s internal network, gaining access to a wide range of sensitive information on their patients. As soon as it came to light that someone without the authority to be in the network had accessed it, the network was shut down, and the investigation began. The security team’s findings included health-related information as well as personal data were both available to this outside party.
What Information Was Viewed or Stolen?
The hacker was able to access many types of information, including:
- Full names
- Dates of Birth
- Driver's License and State ID Numbers
- Social Security Numbers
- Payment Card Numbers
- Health Insurance Information
- Financial Account Numbers
- Medical Data
- And More
With this array of data, hackers could easily use the information for ill-gotten gains. Rehab facilities need a lot of information to be able to provide care. Unfortunately, in this instance, it left a wide range of information at the fingertips of the wrong individual.
How Did Gateway Rehab Admit to the Breach?
Gateway Rehabilitation Center filed a notice of a breach, which alerted outsiders to the breach. They took the time to also send out letters to anyone who may have been part of the breach, letting them know what happened. Their goal was to let anyone know that their information may be exposed so they could take precautionary measures.
What Will Become of the Stolen Information?
As of right now, no one knows what the hacker accessed, stole, or plans to do with the data. It has not shown up anywhere for sale, but that could change at any moment. If the hacker does decide to sell the data, it would be worth a lot on the Dark Web because it is such a complete data set on many of the individuals involved. The secondary impact of this breach is it could lead to increased stress or doubt of those who have gone through recovery as a result.
What Should Affected Parties Do in the Aftermath of the Breach?
Anyone affected by this, or any other data breach, needs to take steps to keep their information protected. One method is due diligence in always checking statements and credit reports for inaccurate information or new lines of credit. Another method is investing in services that will monitor your identity for you. This service gives you the peace of mind that if anyone ever tries to use your personally identifiable information, you will get a notification. If it is you, then you can approve it. However, if it is someone else, you can go in, change passwords, or make calls to freeze your credit and keep your data safe.