In November 2021, the Northeast Rehabilitation Hospital Network in New Hampshire notified HHS of a breach. At the time, they indicated 501 patients had been affected, which is usually just a marker for “we know it’s more than 500, but we don’t know how many just yet.” The incident was coded as a hacking/IT incident involving data on the network.
On August 24, 2022, NRHN notified the Maine Attorney General’s Office of the incident. Their report indicated that on September 30, 2021, they discovered unauthorized access to their system. The unauthorized access ended on October 5, 2021. On November 29, 2021, they notified HHS and started notifying patients by notice on their website and press releases to the media.
According to their statement to Maine, a total of 190,220 people were affected. The data types involved included name, address, date of birth, driver’s license, Social Security number, and financial account information.